If any day you receive an app notification on Facebook, offering the ability to change the colour theme of your profile, then be careful as it might be the “colour change” malware. The latest iteration of the scam is one of the oldest Facebook viruses and has already affected more than 10,000 people in multiple countries.
Similar colour changer scams have affected Facebook in the past and has been fixed by site repeatedly but it has resurfaced again. The malware begins by advertising an app that tells Facebook users they can change the colour theme of their profile. Once clicked, it leads users to a phishing website, according to Cheetah Mobile, a Chinese Internet company that highlighted the most recent appearance of the scam in its blog.
The phishing site has two ways of attacking users. First, it steals the users Facebook “Access Tokens” by asking them to view a colour changer tutorial video. At this point the hackers gain temporary access to these tokens that allows them to connect with the user’s Facebook account friends.
If a user doesn’t watch this video, it then tries a new way to spread the malicious software, by getting users to download a malicious application. If a user is on a PC, the site leads them to download a pornography video player. If the user is on an Android device, it issues a warning saying the device has been infected and advises to “download now” a suggested app, report stated.
It’s not clear if Facebook plans to fix this vulnerability. The company didn’t responds to a request for comment.
But folks, if you have downloaded the app, uninstall it immediately and change your Facebook password. (This can be done from the “app” menu in your Facebook settings).
Cheetah Mobile also recommends disabling Facebook’s apps platform altogether—to ensure other malicious apps can’t be installed in the future.
No comments:
Post a Comment