"Facebook color changer" app leads to malware, account hijacking
Posted on 11.08.2014
The change-your-Facebook-color scam is once again targeting inexperienced users of the social network, and they are once again falling for it. According to researchers from Cheetah Mobile, some 10,000 users have already been duped.

The scam takes the form of a malicious app:

Following the offered link leads users to a scammy website where they are instructed to view a color changer tutorial video, which will covertly steal the users' Facebook “access token," meaning that the scammers will be able to temporarily access their accounts and spread the scam further to their friends.

"If a user doesn’t view this video, it then tries a new way to spread the malicious software, by getting consumers to download a malicious application," warn the researchers.

"If a user is on a PC, the site leads them to download a pornography video player. If the user is on an Android device, it issues a warning saying the device has been infected and advises users to 'download now' a suggested app."

Users are advised to be wary of similar offers on Facebook, and those who have already fallen for the scam are urged to change their Facebook account password immediately, remove the "Facebook color changer" app from it, and use a legitimate AV solution to detect and remove any malicious software that might have been installed on their device.


More than a third of employees would sell company data

35 percent of employees would sell information on company patents, financial records and customer credit card details if the price was right. This illustrates the growing importance for organizations to deploy data loss prevention strategies.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Fri, Jul 31st