A malicious 'color change' application has once again surfaced on the most popular social network, infecting more than thousand users.
The nefarious application, dubbed Facebook Color Changer, claims to let you change the color of your Facebook profile - but it is actually a scam, according to Chinese Internet company Cheetah Mobile.
The malware first came out in 2012 and then again in 2013. Back again in 2014 and so far over 10,000 people have already been infected around the globe, said the internet company.
"Cheetah Mobile researchers have found this issue to be happening due to a vulnerability that lives in Facebook's application page itself, allowing hackers to implant viruses and malicious code into Facebook based applications also directs users to sites," the company wrote in a blog post.
The site has two ways of exploiting users. First, it asks user to watch a so-called color changer tutorial video. If a user watches the video, it steals user's Facebook access tokens, which also gives the hackers temporary access to user's Facebook friends, Cheetah Mobile said.
If a user does not view the video, it tries to get the user to download a malicious application to spread the malware to other people.
"If a user is on a PC, the site leads them to download a pornography video player and if the user is on an Android device, it issues a warning saying the device has been infected and advises users to "download now" a suggested application”, the mobile company explained.
According to the blog post, it is easy to fall victim to app-based malware because many trust Facebook to be secure. If the app is already installed, simply uninstalling it should take care of the problem. To do this, just go to the app menu in Facebook. It is also important to change Facebook passwords to prevent unauthorised access to accounts.
A more lasting solution is to disable apps completely in Facebook, preventing future malicious apps from being installed.
However, Facebook has not commented on the issue so it is unclear if the company is working on a solution for the color change malware or app-based malware in general, Tech Times reports.