One of Facebook's oldest scams has resurfaced, this time infecting more than 10,000 people around the world, according to Cheetah Mobile, a Chinese Internet company.
The app, called "Facebook color changer," claims it can change the color of users' profiles. The link appears to take people to apps.facebook.com/themsandcolors, but instead redirects them to a malicious phishing site.
Cheetah Mobile found that this iteration of the scam stems from an apparent vulnerability in Facebook's app pages. That vulnerability lets attackers implant viruses and malicious code into Facebook-based applications, which then send users on to phishing sites, the company said.
The latest version of the scam works in two stages. First, it asks users who click the link to view a color changer tutorial video. If they do, the site steals their Facebook access tokens, which give the attackers temporary access to the victims' Facebook friends, Cheetah Mobile said. A stolen access token lets the attacker act on the account through the app's permissions without ever knowing the password, which is why the remediation below removes the app as well as changing the password.
"If a user doesn't view this video, it then tries a new way to spread the malicious software by getting consumers to download a malicious application," Cheetah Mobile explained in a blog post. If the person is using a PC, the site leads them to download a pornography video player. Android users see a fake warning that their device has been infected, followed by a prompt to download a suggested app.
Security expert Graham Cluley said this scam continues to surface simply because people want to tweak their account -- whether by downloading an app to see who has looked at their profile -- another common scam, he said -- or because they want to turn it bright pink instead of "Zuckerberg blue."
"The key is to always be extremely wary of anything that tells you that you have to share the link or like something before it will let you get your hands on what they have promised," Cluley told InformationWeek. "They're using the lure of a Facebook color change as a way to spread their scam further."
What to do if you're infected
If you've already fallen for this scam, change your password immediately and remove the color changer app from your account. To change your password, visit your account settings and click the Privacy tab. Click Edit next to the Password option.
To remove the app from your account, click the Apps tab on your Settings page. Find the app under "Apps you use," and click the "x" to delete it. Removing the app also revokes the access token it was granted, so do both steps rather than relying on the password change alone. It is also worth reviewing where your account is currently logged in and ending any sessions you don't recognize.
Facebook also offers free antimalware scanning. In May, the social network partnered with Trend Micro and F-Secure to provide the service, which alerts you when it detects that your device might be infected. If it does, you'll see a pop-up notification prompting you to download either F-Secure's malware scanning and cleanup tool or HouseCall from Trend Micro.
Cluley advised that all users should exercise caution when using Facebook and clicking on links. "The best protection is to clue yourself up and not be fooled by every message you see from your Facebook friends," he said. "Maybe they have already been duped."