Attackers are abusing a cross-site scripting (XSS) bug on Facebook to redirect victims to a browser locker page that conducts tech support scams, warned Malwarebytes Labs. They are using Facebook to send out malicious links that redirect victims to the browser locker page. Once there, the page mimics a virus scan and warns that the hard drive will be deleted in five minutes if the victim doesn't call the tech support number.
- Browser lockers are fraudulent pop-ups that create the illusion that the computer has been locked and instructs the victim to call for remote assistance.
- Tech support browser lockers are one of the most common web threats, according to Malwarebytes Labs.
- An XSS bug is a web security vulnerability that enables an attacker to compromise the interactions between users and affected applications.