A sophisticated browser locker campaign is spreading via Facebook, ultimately pushing a tech-support scam. The effort is more advanced than most, because it involves exploiting a cross-site scripting (XSS) vulnerability on a popular news site. The web surfers will click on a site, only to be sent to a page warning them that their computer is infected with a virus or malware. The page typically urges targets to call a number on the screen for tech-support help . If they fall for it, they re connected to a call center where they’re asked to pay a fee to clean their machines.
Source: https://threatpost.com/facebook-xss-browser-locker/160465/