It’s not exactly a new scam, but apparently it worked well enough for cyber
criminals to dust if off and roll it back out. It’s a malicious color change app and security
researchers say it’s compromising thousands of Facebook profiles.
According to the Cheetah Mobile CM Security Researcher lab, hackers are targeting Facebook users with the recycled security threat that leverages the social network to rapidly spread malicious software. Cheetah is calling it the Facebook Color Scam.
Here’s how it works: The virus reels people in by offering them the opportunity to change the colors of their Facebook profiles with an app called Facebook color changer. Although similar color changer scams have spread across the social media site in years past, Cheetah Mobile is reporting this one is especially successful -- it has already affected 10,000 people in several countries.
Two Ways To Attack
“Once clicked, it leads users to a phishing Web site,” the firm said in a blog post. “Cheetah Mobile researchers have found this issue to be happening due to a vulnerability that lives in Facebook’s app page itself, allowing hackers to implant viruses and malicious code into Facebook-based applications [that] directs users to phishing sites.”
Cheetah reports the phishing site has two ways of attacking consumers. The first way relies on stealing a user’s Facebook “access tokens.” A scammer does this by asking a user to view a color changer tutorial video. Once the victim views the video, the hacker wins temporary access to the tokens. The tokens, in turn, allow the hacker to connect with the Facebook victim’s friends.
“If a user doesn’t view this video, it then tries a new way to spread the malicious software, by getting consumers to download a malicious application,” Cheetah Mobile explained. “If a user is on a PC, the site leads them to download a pornography video player. If the user is on an Android device, it issues a warning saying the device has been infected and advises users to 'download now' a suggested app, images below.”
The good news is there is a solution -- both for users who have been already infected with the malware and users who are working to avoid falling prey to these hackers and other scammers trolling on Facebook. Cheetah Mobile reports Facebook users who have followed the instructions on the tutorial video can simply change their passwords and remove the malicious color changer app from their profiles in the app settings. Facebook users who haven’t visited the color changing site can install security software from Cheetah Mobile and other companies to ensure their mobile devices stay safe. (continued...)