A new Twitter XSS exploit was identified in the wild as cybercriminals started using it overnight. The malicious JavaScript payload being distributed is rather simple. It uses an XSS (Cross-Site Scripting) vulnerability to steal the Twitter user's cookie, which is transferred to two specific servers. Essentially, any account whose user clicked on the malicious links is compromised.
![Twitter XSS in the wild](https://cdn-ak-scissors.b.st-hatena.com/image/square/79fb88913b8d6e9ba49114d8f168545c0a55c5ba/height=288;version=1;width=512/https%3A%2F%2Fmedia.kasperskycontenthub.com%2Fwp-content%2Fuploads%2Fsites%2F43%2F2018%2F11%2F11130459%2Fsecurelist_abs_10.jpg)