One of Facebook’s oldest scams has resurfaced, this time infecting more than 10,000
people around the world, according to Cheetah Mobile, a Chinese Internet company.
The app, called “Facebook color changer,” claims it can change the color of users’
profiles. The link appears to take people to apps.facebook.com/themsandcolors,
but instead redirects them to a malicious phishing site.
Cheetah Mobile found that this iteration of the scam stems from an apparent
vulnerability in Facebook’s app page. This vulnerability lets hackers implant
viruses and malicious code into Facebook-based applications, which direct users
to phishing sites, it said.
This malware has already infected almost 10,000 computers around the
world. Facebook reportedly fixed this malicious software, which wrought
havoc on multiple accounts, once before, but the malware has resurfaced.
Cheetah Mobile confirmed that this app infects devices by downloading malware that
compromises users’ accounts.
Cyber criminals target users’ accounts using applications that implant malicious
code embedded in viruses and malware. Users who fall victim to the app are
then directed towards phishing sites.
Unfortunately, this security issue is a loophole that exists on Facebook’s app page
itself. This malware targets users by using two methods. It asks a user to
view a color changer tutorial video that really steals the user’s Facebook
Access Tokens when they connect to the user’s other Facebook friends.
If the tutorial video isn’t viewed, the phishing site looks for another
opportunity to spread malware by getting users to download a malicious
application. For PC users it comes in the form of a pornographic video player,
while those with Android devices receive a notification that their
device has been infected and that an app must be downloaded to take care of the
problem.
The color change malware keeps coming back because it exploits a vulnerability in
Facebook’s app page itself, allowing hackers to install malicious code and
viruses into applications based on the social networking site. When users
access the app through Facebook, they are redirected to phishing sites. And
once a user is on a phishing site, it is possible for hackers to steal personal
information from the computer being used.