Malicious Facebook color changer App infected 10000 Users worldwide

Security Experts at Cheetah Mobile have uncovered a new scam based on a fake Facebook Color Changer App which infected 10000 users worldwide.

Facebook  is a privileged target for cyber criminals, in many cases old fraud schema are proposed again by bad actors, it is the case of the bogus Facebook “Color Changer” app.

Researchers at China-based Internet company Cheetah Mobile have discovered a “Facebook colour changer” app in the wild that tricks Facebook users into downloading it via a malicious phishing site. The  malicious app has already deceived more than 10,000 mobile users worldwide offering the possibility to customize the layout of the Facebook with different colors.

According to the researchers at Cheetah Mobile, the attackers exploited a “a vulnerability that lives in Facebook’s app page itself, allowing hackers to implant viruses and malicious code into Facebook-based applications that directs users to phishing sites.”

The phishing campaign targets victims worldwide using mobile and desktop devices, below the tactics discovered by researchers:

So be aware of any advertisement or mobile app that promises you to personalize Facebook layout and colors, but if you are one of the victims of this scam uninstall the malicious application as soon as possible and change your Facebook password.

As usual protect your mobile with defense solutions and install applications only from trusted app stores.

Pierluigi Paganini

(Security Affairs –  Facebook,  scam)