CHINA TOPIX

Updated 11:29 AM EDT, Tue, Jun 16, 2020

Make CT Your Homepage

Don't Click On Facebook's Color Changing App: It's Malware

Facebook is down

(Photo : Reuters)

A Facebook app that promises to change the overall look and color scheme of any user's profile page is malware that hacks into PCs and smartphones.

This malware disguised as a color changing app has already infected almost 10,000 computers around the world. It offers users the chance to change the default blue color of their Facebook profile page and replace it with one of nine colors.

Like Us on Facebook

Facebook reportedly fixed this malicious software that wrought havoc on multiple accounts before but the malware has resurfaced.

Chinese internet security firm, Cheetah Mobile, confirmed this app infects devices by downloading malware that compromises users' accounts.

Cyber criminals target users' accounts using applications that implant malicious codes embedded in viruses and malware. Users that fall victim to the app are then directed towards phishing sites.

Unfortunately, this security issue is a loophole that exists on Facebook's app page itself.

This malware targets users by using two methods. It asks a user to view a color changer tutorial video that really steals the user's Facebook Access Tokens when they connect to the user's other Facebook friends.

The second method tries to get the user to download this malicious application should the user not view the video.

If the user is on a PC, the site leads him to download a pornographic video player.

But if the user is on an Android device, the site shows a security warning that "confirms" that the user's device has been infected. It advises the user to download this malware disguised as an app as a quick fix.

For the past two years, this malware recurred in Facebook's app platform and has infected thousands of devices.

Those who've already fallen into this phishing trap should uninstall this app immediately and change their passwords.

Cheetah Mobile advises users to completely disable all their apps on their app page so other potential malicious apps can't implant any malware on a user's software. Doing so, however, may also affect a user's access to third-party apps that require logins.

Real Time Analytics