Color changing malware

"Color Changing Malware" is malware designed to compromise other people's Facebook accounts and steal their personal details. The technique was identified by security researchers at Cheetah Mobile in 2012. The color change scam tricks users into downloading malware through a site that claims to let them change the colors of their Facebook profile.

Principle

The malware begins by advertising an app that tells Facebook users they can change the theme color of their profile. Downloading the app directs the user to a malicious phishing site.

How it works

The color change malware keeps coming back because it exploits a vulnerability in Facebook's app pages, allowing attackers to plant malicious code and viruses in applications built on the social networking site. When users open the app through Facebook, they are redirected to phishing sites, where the attackers can steal personal information from the user and the computer being used.

For PC users

The website targets users in two ways. First, it tries to steal the user's Facebook access token by asking them to view a color changer tutorial video. Even temporary access to the token lets the attackers reach the user's Facebook friends. If the user does not view the video, the site instead tries to get them to download a malicious application; on a PC, this is a pornographic video player.
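The token theft described above leaves a trace: a Facebook access token showing up in a request to a domain that is not Facebook's. The following script is an added example, not code from the original article or from Cheetah Mobile; it scans a list of visited URLs (such as an exported browser history, which keeps URL fragments that a proxy never sees) and flags any request that carries an access_token to an off-platform host. The log format, the hostnames and the token values are constructed for illustration.

```python
"""Flag visited URLs that carry a Facebook access token to a non-Facebook host.

Added example, not from the original article or Cheetah Mobile. The line format
("<timestamp> <url>"), the hosts and the token values below are constructed.
"""
from urllib.parse import urlsplit, parse_qs

# Hosts that may legitimately see a token; anything else receiving one is suspect.
FACEBOOK_DOMAINS = ("facebook.com", "fbcdn.net", "fb.com")

# Constructed sample: the OAuth dialog, the token returned in the fragment,
# then the same token leaking to the "tutorial video" site (query and fragment).
SAMPLE_LOG = """\
2014-08-05T10:02:11Z https://www.facebook.com/dialog/oauth?client_id=1234&redirect_uri=https%3A%2F%2Fapps.facebook.com%2Fcolorchanger%2F&response_type=token
2014-08-05T10:02:13Z https://apps.facebook.com/colorchanger/#access_token=EAAB1234abcd&expires_in=5183999
2014-08-05T10:02:15Z http://color-changer-tutorial.example/video.php?access_token=EAAB1234abcd&ref=fb
2014-08-05T10:02:20Z http://color-changer-tutorial.example/dl/player.exe
2014-08-05T10:03:02Z https://graph.facebook.com/me/friends?access_token=EAAB1234abcd
2014-08-05T10:03:40Z http://color-changer-tutorial.example/landing#access_token=EAAB1234abcd
"""


def is_facebook_host(host: str) -> bool:
    """True for facebook.com and its subdomains; a host that merely
    starts with 'facebook.com' (facebook.com.evil.example) is rejected."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in FACEBOOK_DOMAINS)


def token_params(url: str) -> dict:
    """Return any access_token parameter found in the query or the fragment.

    The implicit OAuth flow returns the token in the URL fragment, so a
    scanner that only inspects the query string misses half the leaks.
    """
    parts = urlsplit(url)
    found = {}
    for section in (parts.query, parts.fragment):
        for key, values in parse_qs(section).items():
            if key.lower() == "access_token":
                found["access_token"] = values[0]
    return found


def flag_token_exfil(log_text: str) -> list:
    """Return (line_no, host, token) for every URL that sends a token off-platform."""
    hits = []
    for n, line in enumerate(log_text.splitlines(), 1):
        fields = line.split()
        if len(fields) < 2:
            continue  # constructed format; skip malformed lines
        url = fields[1]
        parts = urlsplit(url)
        if not parts.hostname:
            continue
        tokens = token_params(url)
        if tokens and not is_facebook_host(parts.hostname):
            hits.append((n, parts.hostname, tokens["access_token"]))
    return hits


if __name__ == "__main__":
    for line_no, host, token in flag_token_exfil(SAMPLE_LOG):
        print(f"line {line_no}: token {token[:8]}... sent to {host}")
```

Only lines 3 and 6 of the sample are flagged: the token legitimately returned to apps.facebook.com and the later call to graph.facebook.com stay on Facebook's domains. Any hit of this kind is a reason to revoke the app and change the password, since the token has already left the platform.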

For mobile users

If the user is on an Android device, the site shows a warning claiming the device is infected and advises the user to download a suggested app.

How to remove if user already installed the app

It is easy to fall victim to app-based malware because many people trust Facebook to be secure. If the app is already installed, simply removing it should take care of the problem; to do this, go to the app settings in Facebook. It is also important to change the Facebook password to prevent further unauthorized access to the account.

A more lasting solution is to disable apps completely in Facebook, preventing future malicious apps from being installed. Note, however, that doing so also affects third-party apps that use Facebook credentials for logging in.

Case study

The latest iteration of the scam had already affected more than 10,000 people around the world at the time it was reported.