Cheerleaders Gone Wild clickjacking spreads virally across Facebook

Graham Cluley
Graham Cluley
@
@[email protected]
@gcluley

We’re seeing many messages right now being posted from the accounts of Facebook users saying:

Cheerleaders gone wild – have to see this

accompanied by the image of a midriff-baring cheerleader carrying two pom-poms.

Cheerleaders gone wild message on Facebook

If that’s enough to tempt you into investigating further, you may well click on the link which will take you to the following Facebook page:

Cheerleaders gone wild page on Facebook

The page claims that the content you are about to access is “inappropriate for some users” as it “may contain shocking graphics, nudity or disrespect other individuals”. The warning (which is designed to appear like an official Facebook message) asks you to confirm that you are 18 years old or older before you can proceed.

Sign up to our free newsletter.
Security news, advice, and tips.

With your appetite now whetted, you are next prompted to press the numbers 1, 2 and 3 in a particular order to prove that you really are a human being.

Cheerleaders gone wild ask you to press buttons

Unfortunately for you, when you click on the buttons you are really being clickjacked. You may think you are just pressing numbers in a particular sequence, but in fact your mouse clicks are invisibly confirming that you “Like” the “Cheerleaders gone wild” page (something that you may not want your friends and family to see), which gets communicated to other Facebook users via your newsfeed.

Cheerleaders gone wild update

Furthermore, you were also clickjacked into liking pages called Funniest Videos On the Web” and “Free ringtones every day”. But you may not realise this unless you examine your profile carefully and check your list of “liked” pages.

Account with additional 'liked' pages

But you probably haven’t noticed any of this, of course, because by now you are watching a YouTube video of a group of young cheerleaders up to antics which, quite frankly, I didn’t find at all shocking and didn’t involve any nudity. At least that was the case when I checked it out.

Cheerleaders gone wild video

Of course, there was no need to help the spammers by jumping through all these hoops in order to watch the video – you could have just seen it on YouTube.

If you were hit by this latest Facebook scam, clean up your profile and remove references to the “Cheerleaders Gone Wild” and other pages.

You should always be wary of suspicious out-of-character posts made by your Facebook friends.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.