The app, called "Facebook color changer," claims it can change the color of users' profiles. The link appears to take people to apps.facebook.com/themsandcolors, but instead redirects them to a malicious phishing site.
Cheetah Mobile found that this iteration of the scam stems from an apparent vulnerability in Facebook's app page. This vulnerability lets hackers implant viruses and malicious code into Facebook-based applications, which direct users to phishing sites, it said.
This malware has already infected almost 10,000 computers around the world. Facebook has reportedly fixed this malicious software, which wrought havoc on multiple accounts, before, but the malware has resurfaced.
Cheetah Mobile confirmed that this app infects devices by downloading malware that compromises users' accounts.
Cyber criminals target users' accounts using applications that implant malicious code embedded in viruses and malware. Users who fall victim to the app are then directed to phishing sites.
Unfortunately, this security issue is a loophole that exists on Facebook's app page itself. This malware targets users by using two methods. It asks a user to view a color changer tutorial video that really steals the user's Facebook Access Tokens when they connect to the user's other Facebook friends.
If the tutorial video isn't viewed, the phishing site looks for another opportunity to spread malware by getting users to download a malicious application. For PC users it comes in the form of a pornographic video player, while those with Android devices receive a notification that their device has been infected and that an app must be downloaded to take care of the problem.
The color change malware keeps coming back because it exploits a vulnerability in Facebook's app page itself, allowing hackers to install malicious code and viruses into applications based on the social networking site. When users access the app through Facebook, they are redirected to phishing sites. Once a user is on a phishing site, hackers can steal personal information from the computer being used.