Security News > 2020 > October > Facebook, News and XSS Underpin Complex Browser Locker Attack
Browser lockers are a type of redirection attack where web surfers will click on a site, only to be sent to a page warning them that their computer is infected with "a virus" or malware.
In a recent, widespread campaign, cyberattackers are using Facebook to distribute malicious links that ultimately redirect to a browser locker page, according to researchers.
Open redirects happen when parameter values in an HTTP GET request allow for information that will redirect a user to a new website without any validation that the target is intended or legitimate.
Besides redirecting users to other sites, an attacker could exploit the XSS to rewrite the current page into anything they like, Segura noted.
Once the user lands on the browser-locker page, it fingerprints the user's browser to display a context-appropriate message.