Once the malicious app is installed from Google’s Chrome Web Store, it starts displaying a large Google Ads banner redirecting users to a “work from home scam.” When clicking the sign-up link, users are redirected to a fraudulent website.
The blogs generating under the email address of the victims, which are used in further disseminating the scam, have registered a large number of hits among users in the US, the UK, Germany, Spain, Romania, and other countries.
The app can also post wall messages on the victims' account. The messages use friend tagging to convince the victim’s friends to visit the blog domains. Each time the app posts on a users’ timeline, it links to one of the auto-generated blogs as to avoid blacklisting.
“Scammers gave a new twist to the old change-your-Facebook-color scheme that’s been luring users to fraudulent websites to grab credentials and other sensitive data,” says Catalin Cosoi, Bitdefender's Chief Security Strategist. “By creating dozens of blogs for a single account, the scam spreads like wildfire among Facebook friends.”
According to Softpedia, the app in question - "Modify Your Facebook CoIor" - has been downloaded from the Play Store by over 38,000 users.