- CyberCrime Center
August 20, 2014
Clicking on “Facebook Color Changer” App Will Leave You Purple —with Rage.
Okay you don’t like Facebook’s standard royal blue. Well there’s an app called “Facebook color changer” that promises to change the color of your Facebook page from royal blue to any color you choose.
Don’t click on it
However, if you click on it, writes Dave Smith on businessinsider.com (link to article), you’ll end up rerouted to a malicious phishing site whose aim is infecting your computer.
10, 000 victims
The scam was discovered by Cheetah Mobile security researchers who say more than 10,000 people around the world have become victims. Smith writes that the app (maybe trap is a better word) works like this:
[When users click on the app, they are] directed to a phishing website that steals [user] Facebook “access tokens.” [Hackers] can use [the tokens] to connect with [users’] Facebook friends and spam them.
The Facebook color malware can also prompt users to download a separate video application, or a separate app if [they’re] using an Android phone. Both pieces of software contain malware, which could be used for more nefarious purposes than scamming [users’] friends, particularly if the malware can log…keystrokes or access other data points on [on users’ computers.]
How to get rid of it
Anyone inadvertently clicking on the “Facebook color changer” app can remove it by going to Facebook app settings. However, after removing the app, Cheetah Mobile recommends the user change his/her password.
After all this, you still can’t stand looking at a royal blue Facebook page. Then, go to Google Chrome and try the “Color My Facebook” add-on, which Smith notes, “lets you change the color scheme to pretty much any color you could think of.”
Wonder if it works for plaid.
ThreatMetrix® builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.
ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 500 million monthly transactions and protects more than 160 million active user accounts across 2,500 customers and 10,000 websites.
The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.
For more information, visit www.threatmetrix.com or call 1-408-200-5755.
Posted by Dan Rampe
Tags: Account Takeover, Account Takeover Fraud, Bank Fraud, Botnets, Building Trust on the Internet, CNP fraud, Context-Based Authentication, Cookieless Device Identification, Cookies, Credit Card Fraud, Cyber attacks, Data Breach, Device Detection, Device Fingerprint, Device Fingerprinting, Device ID, Device Identification, Fraud Prevention, Hacking, Identity Spoofing, Identity theft, Malware, Malware Detection, Malware Protection, Man-in-the-Browser Detection, MitB, Mobile fraud, Online Fraud, Phishing, Phishing Detection, PII, ThreatMetrix, ThreatMetrix Cybercrime Index, ThreatMetrix Global Trust Intelligence Network, ThreatMetrix Web Fraud Map, Trust Tags, TrustDefender Cybercrime Protection Platform, Web Fraud