Facebook, News and XSS Underpin Complex Browser Locker Attack

CERT-LatestNews ThreatsCybercrime VulnerabilitiesAll VulnerabilitiesApplications

A sophisticated “browser locker” campaign is spreading via Facebook, ultimately pushing a tech-support scam. The effort is more advanced than most, because it involves exploiting a cross-site scripting (XSS) vulnerability on a popular news site, researchers said.