Rose-pink change in Facebook account theme leaks money out of your pockets


In a world revolving around social networking, too many applications can be deceptive. Users are constantly advised to act cautiously online: not to grant any application access to their contact lists, not to fill in forms with private information, and never to install plugins demanded by various sites unless they are completely sure of their legitimacy.

Bitdefender Labs have signaled a website injected with obfuscated JavaScript whose purpose is to download a malicious plugin onto visitors’ PCs. Under the pretense of offering users a rose-pink Facebook theme, the site prompts its visitors to install a plugin first.

The plugin, identified by Bitdefender as Trojan.FBFraud.A, only works in the Chrome and Mozilla Firefox browsers. This means that users of other browsers dodge this threat and are simply redirected to a blank page.

Once the plugin is installed, if the user is logged into their Facebook account, the obfuscated JavaScript “likes” the compromised website on behalf of the victim. A link to the compromised site is displayed on the user’s wall, propagating the infection to a new circle of friends. But not before it has applied the pink do-over to the user’s social networking account.

This acts as a lure for the victim’s contact list. The purpose is to trick as many users as possible into clicking the link, getting infected and acting as vectors for the infected site. Since its debut this January, the scam has been identified on over 1,100 Facebook accounts.

If the user, however, is currently browsing the webpage (the source of this particular scam), they are redirected to a specific Facebook profile that had previously been injected with an iframe to “transport” the user to an external webpage hosting a survey scam.

This is the classical approach widely used in monetizing cyber-crime: infection victims are offered surveys and services such as the daily horoscope, phone locating systems and ring tones, all of which can be delivered to a mobile phone number indicated by the user. This is, of course, not free of charge. The user must, in return, send an SMS message to a premium rate telephone number.


This article is based on the technical information provided courtesy of Doina Cosovan, Bitdefender Virus Analyst.

All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.

About the author


A blend of teacher and technical journalist with a pinch of e-threat analysis, Loredana Botezatu writes mostly about malware and spam. She believes that most errors happen between the keyboard and the chair. Loredana has been writing about the IT world and e-security for well over five years and has made a personal goal out of educating computer users about the ins and outs of the cybercrime ecosystem.

1 Comment

  • Hello everyone! I am Jacques Blom, I am 14 years old. I currently live in Cape Town, South Africa.

    I would like to inform everyone, not all of these sites are scams. My web app is free and there are no surveys.

    Please check it out. Thank you very much!