Internet security firm Cheetah Mobile revealed in a blog post today that a Facebook app that claims to let you change the color of your profile page is actually malware in disguise.
Here’s how it works: As soon as you click a link to download the Facebook Color Changer app, you’re taken to a phishing site. This was only possible because of a vulnerability in Facebook that permits hackers to put malicious code straight into Facebook apps. If you click on the color-changing offer link, you’re taken to what looks like a legitimate page for the fake Facebook Color Changer app. CM estimates that roughly 10,000 people have been afflicted by the Facebook Color Changer scheme.
This dastardly page can take control of your Access Tokens by asking you to watch a tutorial on how to change the color on your profile. From there, hackers can connect to people in your friends list on Facebook. If you’re on a PC, it will take you to a page containing a link to download a malicious video playing app for watching porn.
Android-based victims, you will see a notification warning of a malware infection. It will ask you to install an anti-malware app. However, that app is malicious, and should be avoided.
Fortunately, there’s a way to rid your PC or Android device of the malware associated with the Facebook Color Changer app. Here’s how.
How to remove the Facebook Color Changer malware
If you’re afflicted by the Facebook Color Changer malware, uninstall the app from your Facebook accounts, and change your account passwords, reports Cheetah Mobile. Of course, you should also update your malware detecting apps and run scans ASAP.