Facebook is a privileged target for cyber criminals, in many cases old fraud schema are proposed again by bad actors, it is the case of the bogus Facebook “Color Changer” app.
Researchers at China-based Internet company Cheetah Mobile have discovered a “Facebook colour changer” app in the wild that tricks Facebook users into downloading it via a malicious phishing site. The malicious app has already deceived more than 10,000 mobile users worldwide offering the possibility to customize the layout of the Facebook with different colors.
According to the researchers at Cheetah Mobile, the attackers exploited a “a vulnerability that lives in Facebook’s app page itself, allowing hackers to implant viruses and malicious code into Facebook-based applications that directs users to phishing sites.”
The phishing campaign targets victims worldwide using mobile and desktop devices, below the tactics discovered by researchers:
Desktop PC users are lead to a malicious website to download a pornographic video player, meanwhile Android users were displaying a warning message that informed them that their device has been infected and advised to download a specific application to sanitize it.
So be aware of any advertisement or mobile app that promises you to personalize Facebook layout and colors, but if you are one of the victims of this scam uninstall the malicious application as soon as possible and change your Facebook password.
As usual protect your mobile with defense solutions and install applications only from trusted app stores.
(Security Affairs – Facebook, scam)