The Facebook Color Changer app promises users the ability to change the dominant color in their Facebook profile from the standard blue color. However, the app is not what it is supposed to be.
According to the Cheetah Mobile CM Security Researcher lab, the Color Changer app is actually a new kind of security threat in disguise, with the app targeting the users of the social network in the attempt of spreading malicious software.
Cheetah Mobile is naming the virus the Facebook Color Scam, in a post that the company wrote on its official blog.
There have been similar viruses posing as color changing apps on Facebook in the past, but Cheetah Mobile is the first company to discover the return of the scam.
According to Cheetah Mobile, the Facebook Color Scam has already affected 10,000 users in several countries.
The virus appears as a Facebook app that can be shared or posted on the News Feed. Once users click on the posted link, they are redirected to a phishing website.
Researchers at Cheetah Mobile discovered that the virus is exploiting a vulnerability that can be found in the app page of Facebook. The vulnerability allows hackers to implant malicious code and viruses into apps on Facebook, which then redirects users to the harmful phishing websites.
The code used by the Facebook Color Scam makes users believe that they are visiting the webpage "apps.facebook.com/themsandcolors," before automatically redirecting them to the phishing website.
Once the user lands on the phishing website, the hackers have two options of launching an attack. The first option is to steal the access tokens of the user by requesting them to watch a tutorial video on the fake color changer app. Once the user has watched the video, hackers can temporarily control the access tokens of the user, giving them the ability to connect with his or her Facebook contacts.
If the user declines to watch the video, the hackers use the second option of making the user download a malicious program. If the user is on a desktop computer, the website will redirect them to a download page for a porn video player. If the user is on an Android device, the website will show a warning message that states that the device has received an infection, and that the users should download a suggested app.
Users that have been tricked by the Facebook Color Scam may be able to circumvent the hack by first changing the password for the affected account. The user can then go to the app settings of Facebook and remove the color changer app from linking to their account.
