The Cheetah Mobile CM Security Researcher lab has detected a new security threat that targets Facebook users as hackers are using the social media site to spread malicious software. The virus, that Cheetah Mobile is calling Facebook Color Scam, entices people by offering them the ability to change the color of their Facebook profile through an app called Facebook color changer. Similar color changer scams have affected Facebook in the past, but Cheetah Mobile is the first to warn that this scam is back again with Cheetah Mobile researchers estimating the scam impacting more than 10,000 people in multiple countries.
According to user feedback, the Facebook color changer app, as pictured below, claims it can change the color of a user’s Facebook layout.
Once clicked, it leads users to a phishing website. Cheetah Mobile researchers have found this issue to be happening due to a vulnerability that lives in Facebook’s app page itself, allowing hackers to implant viruses and malicious code into Facebook-based applications directs users to phishing sites. The code, pictured below, takes users who believe they are visiting the URL “apps.facebook.com/themsandcolors” and automatically reroutes them to a malicious phishing site.
The phishing site has two ways or attacking consumers. First, by stealing the users Facebook “Access Tokens” by asking them to view a color changer tutorial video. At this point the hackers gain temporary access to these tokens which allows them to connect with the user’s Facebook friends.
If a user doesn’t view this video, it then tries a new way to spread the malicious software, by getting consumers to download a malicious application. If a user is on a PC, the site leads them to download a pornography video player. If the user is on an Android device, it issues a warning saying the device has been infected and advises users to “download now” a suggested app, images below.
Luckily there is a solution for users who have been already infected and users who are looking to proactivly protect themselves from this scam and others like it.
For those who have followed the tutorial video, change your Facebook password immediately and remove the color changer app from your profile by visiting your Facebook app settings. Additionally, use the CM Security or Clean Master app to scan your device, keeping it safe and clean.
For those who haven’t visited the site, install CM Security to ensure your device’s safety in real-time. CM Security will alert you when you are directed to a malicious site, see image below.