Those users who have never been fans of the particular shade of blue employed by Facebook Inc (NASDAQ:FB) have this week fallen victim to a scam.

Facebook Color changing app

The “Facebook color changer” app lures people in with an offer to change the header and interface to one of nine different colors, including pink, green, orange and black.

Vulnerability

Chinese internet security firm Cheetah Mobile has exposed the app as a scam which leads users to a phishing website.

They state that the problem arises from “a vulnerability that lives in Facebook’s app page itself, allowing hackers to implant viruses and malicious code into Facebook-based applications directing users to phishing sites.”

The color changing scam has been seen on Facebook before, and this latest version has fooled around 10,000 people in many different countries.

Its success plays on the popular customization features of other sites such as Myspace and Tumblr.

Facebook color changing app: Multiple methods of attack

First of all, upon clicking the app, users are directed to a tutorial video which purports to explain how to change your color scheme. However if users click to watch the video, hackers are granted temporary access to their account, including photos and personal messages.

The next attack differs according to the type of device you are using. Android users receive a message informing them that their device is infected with a virus, and they should download a piece of malware infected antivirus software.

PC users are invited to download a pornography video player, which is in fact malware.

Cheetah Mobile has advised users that have fallen victim to the scam to uninstall the “Facebook color changer” app, and immediately change their password. In doing so, users can prevent the hackers from further exploiting their personal details.

In order to prevent the app from being installed in the first place, concerned users can turn off Facebook Platform entirely. However this will disable all Facebook apps, as well as preventing the user from logging into third party sites such as Spotify using their Facebook account.

via: Metro.co.uk