Cheetah Mobile Security has recently issued a warning about a new threat that targets users of the most popular social network in the world. The Facebook Color Changer application claims to offer you the ability to change the colors of the Facebook interface, but installs malicious software instead. The mobile company's researchers estimate that over 10,000 people have already fallen victim to this scam.
Facebook Color Changer's description states that the application will help you change Facebook's layout colors and seems to redirect to the social network's themes and colors section. However, using a vulnerability exploit, the fake link takes you to a phishing site which uses two types of attacks to try and steal your "Access Tokens".
At first, the crooked app will ask you to watch a tutorial video that is supposed to show you how to change the layout colors, but instead helps the application gain access to your Facebook account. If you choose not to watch the video, Facebook Color Changer will redirect the user to a porn video which requires them to download a player, while the Android users will be told that their mobile has been infected and offered a download link to a tool that can help them get rid of the malware. Of course, both of those downloads contain malicious applications.
The good news is that getting rid of this virus seems to be pretty easy. According to Cheetah Mobile, all you have to do is to change your Facebook password and remove the application in question from your app settings section. Of course, the security report also advertises the CM Security and Clean Master apps, which makes me a bit suspicious about the entire post, but maybe that's all just in my head.
As far as I know, this kind of scams isn't new. If I remember correctly, another fake Facebook color changing app created havoc back in February of 2013.