Facebook messages claiming to give you the chance to change the color of the site are, perhaps unsurprisingly, a phishing scam.
Cheetah Mobile has the details:
Once clicked, it leads users to a phishing website. Cheetah Mobile researchers have found this issue to be happening due to a vulnerability that lives in Facebook’s app page itself, allowing hackers to implant viruses and malicious code into Facebook-based applications directs users to phishing sites. The code, pictured below, takes users who believe they are visiting the URL “apps.facebook.com/themsandcolors” and automatically reroutes them to a malicious phishing site.
The phishing site has two ways or attacking consumers. First, by stealing the users Facebook “Access Tokens” by asking them to view a color changer tutorial video. At this point the hackers gain temporary access to these tokens which allows them to connect with the user’s Facebook friends.
If a user doesn’t view this video, it then tries a new way to spread the malicious software, by getting consumers to download a malicious application. If a user is on a PC, the site leads them to download a pornography video player. If the user is on an Android device, it issues a warning saying the device has been infected and advises users to “download now” a suggested app, images below.
Those of you with less tech-savvy friends and relatives on Facebook might want to give them a heads-up.