Facebook profile color change malware is back, affects thousands

What's the world come to when wanting to change a Facebook color theme can get one in trouble? Unfortunately, this isn't the first time this happened.

The color change malware works by tricking users into downloading a malicious program via a site claiming that it can make it possible to change the color scheme of a Facebook profile. It first came out in 2012 and then again in 2013. It's back again in 2014 and so far over 10,000 people have already been infected around the globe, according to Cheetah Mobile, the Chinese internet company that discovered the most recent iteration of the color change malware.

"The phishing site has two ways or attacking consumers. First, by stealing the users Facebook ‘Access Tokens' by asking them to view a color changer tutorial video. At this point the hackers gain temporary access to these tokens which allows them to connect with the user's Facebook friends," explains Cheetah Mobile.

If the tutorial video isn't viewed, the phishing site looks for another opportunity to spread malware by getting users to download an application that is malicious. It will come in the form of a pornographic video player for PC users while those with Android devices will receive a notification that their device has been infected so an app must be downloaded to take care of the problem.

The color change malware keeps coming back because it exploits a vulnerability in the app page itself in Facebook, allowing hackers to install malicious code and viruses into applications based on the social networking site. When users access the app through Facebook, they are redirected to phishing sites. And once on a phishing site, it is now possible for hackers to steal personal information off of the computer being used.

It's easy to fall victim to app-based malware because many trust Facebook to be secure. If the app is already installed, simply uninstalling it should take care of the problem. To do this, just go to the app menu in Facebook. It is also important to change Facebook passwords to prevent unauthorized access to accounts.

A more lasting solution is to disable apps completely in Facebook, preventing future malicious apps from being installed. Take note, however, that doing so will affect the use of third-party apps that use Facebook credentials for logging in.

Facebook has not commented on the issue so it is unclear if the company is working on a solution for the color change malware or app-based malware in general.

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Tags:Facebook
Join the Discussion
Real Time Analytics