The colour change scam tricks users into downloading malware from a site via the allure of allowing users to change the colours of their Facebook profiles. The latest version of the scam has infected more than 10,000 users worldwide.
It starts when users click on advertisements for the colour change app which leads to a landing page where they are prompted to watch a video tutorial. Clicking on the video allows hackers temporary access to users’ Facebook Access Tokens through which they connect to users’ Facebook friends.
If users do not view the video, the site prompts them to download the malware application. The malware is cross platform compatible targeting desktops, mobile, android and iOS alike.
Users who have fallen victim to the scam should uninstall the app immediately which can be done via the “app” menu in their Facebook settings and change their passwords.