Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Cyber Crime

Malicious Facebook color changer App infected 10000 Users worldwide

Security Experts at Cheetah Mobile have uncovered a new scam based on a fake Facebook Color Changer App which infected 10000 users worldwide. Facebook  is a privileged target for cyber criminals, in many cases old fraud schema are proposed again by bad actors, it is the case of the bogus Facebook “Color Changer” app. Researchers at China-based Internet company […]

Malicious Facebook color changer App infected 10000 Users worldwide

Security Experts at Cheetah Mobile have uncovered a new scam based on a fake Facebook Color Changer App which infected 10000 users worldwide.

Facebook  is a privileged target for cyber criminals, in many cases old fraud schema are proposed again by bad actors, it is the case of the bogus Facebook “Color Changer” app.

Researchers at China-based Internet company Cheetah Mobile have discovered a “Facebook colour changer” app in the wild that tricks Facebook users into downloading it via a malicious phishing site. The  malicious app has already deceived more than 10,000 mobile users worldwide offering the possibility to customize the layout of the Facebook with different colors.

According to the researchers at Cheetah Mobile, the attackers exploited a “a vulnerability that lives in Facebook’s app page itself, allowing hackers to implant viruses and malicious code into Facebook-based applications that directs users to phishing sites.

The phishing campaign targets victims worldwide using mobile and desktop devices, below the tactics discovered by researchers:

  • Attackers try to steal victim’s Facebook Access Token by requesting to watch a tutorial video on how to change color to with the app, with this trick attackers are able to access victim’s Facebook friends.
  • If the victim doesn’t watch the video, then the malicious website requests victim to download the color changer application which is used to infect their device.

Desktop PC users are lead to a malicious website to download a pornographic video player, meanwhile Android users were displaying a warning message that informed them that their device has been infected and advised to download a specific application to sanitize it.

 

facebook-mobile-logo

 

So be aware of any advertisement or mobile app that promises you to personalize Facebook layout and colors, but if you are one of the victims of this scam uninstall the malicious application as soon as possible and change your Facebook password.

As usual protect your mobile with defense solutions and install applications only from trusted app stores.

Pierluigi Paganini

(Security Affairs –  Facebook,  scam)