You are here: Home / Network Security / Beware Facebook Color Scam
Build Apps 5x Faster
For Half the Cost Enterprise Cloud Computing
On Force.com
Facebook Color Change Scam Spreads Malware
Facebook Color Change Scam Spreads Malware
By Jennifer LeClaire / NewsFactor Network Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
It’s not exactly a new scam, but apparently it worked well enough for cyber criminals to dust if off and roll it back out. It’s a malicious color change app and security researchers say it’s compromising thousands of Facebook profiles.

According to the Cheetah Mobile CM Security Researcher lab, hackers are targeting Facebook users with the recycled security threat that leverages the social network to rapidly spread malicious software. Cheetah is calling it the Facebook Color Scam.

Here’s how it works: The virus reels people in by offering them the opportunity to change the colors of their Facebook profiles with an app called Facebook color changer. Although similar color changer scams have spread across the social media site in years past, Cheetah Mobile is reporting this one is especially successful -- it has already affected 10,000 people in several countries.

Two Ways To Attack

“Once clicked, it leads users to a phishing Web site,” the firm said in a blog post. “Cheetah Mobile researchers have found this issue to be happening due to a vulnerability that lives in Facebook’s app page itself, allowing hackers to implant viruses and malicious code into Facebook-based applications [that] directs users to phishing sites.”

Cheetah reports the phishing site has two ways of attacking consumers. The first way relies on stealing a user’s Facebook “access tokens.” A scammer does this by asking a user to view a color changer tutorial video. Once the victim views the video, the hacker wins temporary access to the tokens. The tokens, in turn, allow the hacker to connect with the Facebook victim’s friends.

“If a user doesn’t view this video, it then tries a new way to spread the malicious software, by getting consumers to download a malicious application,” Cheetah Mobile explained. “If a user is on a PC, the site leads them to download a pornography video player. If the user is on an Android device, it issues a warning saying the device has been infected and advises users to 'download now' a suggested app, images below.”

The good news is there is a solution -- both for users who have been already infected with the malware and users who are working to avoid falling prey to these hackers and other scammers trolling on Facebook. Cheetah Mobile reports Facebook users who have followed the instructions on the tutorial video can simply change their passwords and remove the malicious color changer app from their profiles in the app settings. Facebook users who haven’t visited the color changing site can install security software from Cheetah Mobile and other companies to ensure their mobile devices stay safe. (continued...)

1  2  Next Page >

Tell Us What You Think


Like Us on FacebookFollow Us on Twitter
Salesforce.com is the market and technology leader in Software-as-a-Service. Its award-winning CRM solution helps 82,400 customers worldwide manage and share business information over the Internet. Experience CRM success. Click here for a FREE 30-day trial.
Product Information and Resources for Technology You Can Use To Boost Your Business
© Copyright 2014 NewsFactor Network, Inc. All rights reserved. Member of Accuserve Ad Network.