Malware makers are resorting to 'black Face' to violate the rights of PC users of all colors and nationalities. However, unlike the theatrical makeup used in minstrel shows, this black Face formation is promoted via a deceptive message posted on the friendly grounds of social networking site Facebook.
Cybercriminals love popular programs, tools, apps or websites and the massive audience or users they attract. Facebook boasts a monthly usage of 1.01 billion users, making it a target of malware attempts such as the one offering a black face lift of Facebook's interface and traditional blue color scheme. Cybercriminals, i.e. scammers, spammers, malware makers, etc., often hack into Facebook users' accounts or create fictitious accounts to friend and fool trusting Facebookers, making it that much easier to lay infectious traps.
Facebook continues to evolve, improving usability as well as marketability. Facebookers can customize their own Facebook by changing their profile picture or cover but not necessarily alter the color of the Facebook header, well, not within the Facebook interface or application. There, however, are many third-party tools and add-ons that offer the ability to colorize the Facebook header, something malware makers too are offering. The exception is malware makers have a hidden agenda, carrying out one or more payloads that earn a cybercriminal money or that unleashes malware to steal data and perform other online criminal acts.
Here is the deceptive and booby-trapped post circulating on Facebook with the corresponding image in Figure 1 below:
Change your Facebook color
Now you can change your Facebook color to anything
Change your Facebook Color
Are you sick fo that boring old blue theme? Well now you have the power to change your facebook color to anything your heart desires?
Figure 1. – Deceptive Facebook black color message image
A button is present that when clicked takes the victim to a third-party website requiring victims complete one of five surveys before continuing on. The surveys earn cybercriminals ill-gotten revenue and the more traffic driven to the URLs or web pages, the money revenue earned. Additionally, any time your entertain third party Facebook based apps, you too authorize access to your personal data, including your Facebook friends' list. The deceptive app too installs within your Facebook account and the message is posted on your timeline to be spammed or spread to all your Facebook friends and family.
Is changing the Facebook header's color worth all this drama and headache? I think not. If you're a smart and savvy Internet or PC user, you'll know 'not to click' on anything until you can fully verify the source or determine if the ultimate motive or intent is of a malicious nature. However, if you did make a simple mistake or were duped, you'll need to get rid of the malicious files engineering this attack, wiping clean your newsfeed and profile as well as cleansing your hard drive of malware. You too should notify Facebook that the post is malicious by clicking the 'X' in the right corner of the post, and also warn your family and friends.
Tips for practicing safe online habits to avoid malware when using Facebook and other social networking tools or sites.
- Be selective of who you accept as a Facebook friend.
- Be slow to click on links until you can verify the source and that the post is not malicious.
- Clicking on the 'like' feature whether within Facebook or on a widget could expose you to malware or help an unscrupulous advertisers serve up a customized advertisement campaign.
- Be careful when using third party apps or services demanding you authorize access to your personal data and sharing your Facebook friends' list.