HOME     MENU     SEARCH     NEWSLETTER    
NEWS & INFORMATION FOR TECHNOLOGY PURCHASERS. UPDATED 13 MINUTES AGO.
You are here: Home / Network Security / Beware Facebook Color Scam
Neustar, Inc.
Protect your website & network using real-time information & analysis
www.neustar.biz
Facebook Color Change Scam Spreads Malware
Facebook Color Change Scam Spreads Malware
By Jennifer LeClaire / NewsFactor Network Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
AUGUST
11
2014


It’s not exactly a new scam, but apparently it worked well enough for cyber criminals to dust if off and roll it back out. It’s a malicious color change app and security researchers say it’s compromising thousands of Facebook profiles.

According to the Cheetah Mobile CM Security Researcher lab, hackers are targeting Facebook users with the recycled security threat that leverages the social network to rapidly spread malicious software. Cheetah is calling it the Facebook Color Scam.

Here’s how it works: The virus reels people in by offering them the opportunity to change the colors of their Facebook profiles with an app called Facebook color changer. Although similar color changer scams have spread across the social media site in years past, Cheetah Mobile is reporting this one is especially successful -- it has already affected 10,000 people in several countries.

Two Ways To Attack

“Once clicked, it leads users to a phishing Web site,” the firm said in a blog post. “Cheetah Mobile researchers have found this issue to be happening due to a vulnerability that lives in Facebook’s app page itself, allowing hackers to implant viruses and malicious code into Facebook-based applications [that] directs users to phishing sites.”

Cheetah reports the phishing site has two ways of attacking consumers. The first way relies on stealing a user’s Facebook “access tokens.” A scammer does this by asking a user to view a color changer tutorial video. Once the victim views the video, the hacker wins temporary access to the tokens. The tokens, in turn, allow the hacker to connect with the Facebook victim’s friends.

“If a user doesn’t view this video, it then tries a new way to spread the malicious software, by getting consumers to download a malicious application,” Cheetah Mobile explained. “If a user is on a PC, the site leads them to download a pornography video player. If the user is on an Android device, it issues a warning saying the device has been infected and advises users to 'download now' a suggested app, images below.”

The good news is there is a solution -- both for users who have been already infected with the malware and users who are working to avoid falling prey to these hackers and other scammers trolling on Facebook. Cheetah Mobile reports Facebook users who have followed the instructions on the tutorial video can simply change their passwords and remove the malicious color changer app from their profiles in the app settings. Facebook users who haven’t visited the color changing site can install security software from Cheetah Mobile and other companies to ensure their mobile devices stay safe. (continued...)

1  |  2  |  Next Page >

Tell Us What You Think
Comment:

Name:

Like Us on FacebookFollow Us on Twitter
TOP STORIES NOW
MAY INTEREST YOU
IT departments are embracing cloud backup, but there's a lot you need to know before choosing a service provider. Learn all the critical things you need to know by accessing the white paper, "5 Things You Didn't Know About Cloud Backup". Access the White Paper now.
MORE IN NETWORK SECURITY

NETWORK SECURITY SPOTLIGHT
If you're a Google Gmail user, it's bad news. About 5 million Gmail addresses and plain text passwords were leaked to an online forum on Tuesday. The good news: the data is old, but better security is still needed.

ENTERPRISE HARDWARE SPOTLIGHT
The tech giant is expanding its cloud solutions which promise secure access to enterprise phone, email, and storage apps. The latest addition to the Dell Mobile Workspace involves Vonage and MS Office 365.

MOBILE TECHNOLOGY SPOTLIGHT
On pins and needles for your new iPhone? Prepare to wait a little longer: Apple has exhausted its pre-order supply of the iPhone 6 Plus. AT&T, meanwhile, reported a delay of two weeks for the iPhone 6.

Product Information and Resources for Technology You Can Use To Boost Your Business

© Copyright 2014 NewsFactor Network, Inc. All rights reserved. Member of Accuserve Ad Network.