The color change scam tricks users into downloading malware via a site that claims to let users change the colors of their Facebook profile. The latest iteration of the scam has already affected more than 10,000 people around the world, according to Cheetah Mobile, a Chinese Internet company that highlighted the most recent appearance of the scam in its blog.

The malware begins by advertising an app that tells Facebook users they can change the color theme of their profile. Download the app and you're directed to a malicious phishing site, according to Cheetah Mobile's security researchers.

The website targets users in two ways. First it steals the users' Facebook Access Tokens by asking them to view a color changer tutorial video. Temporary access to the tokens allows hackers to connect to the user’s Facebook friends. If a user doesn’t view this video, the site then tries to get them to download the malicious application. If a user is on a PC, the site leads them to download a pornographic video player. If the user is on an Android device, the site issues a warning saying the device has been infected and advises users to download a suggested app.

The problem, according to Cheetah Mobile, stems from "a vulnerability that lives in Facebook’s app page itself, allowing hackers to implant viruses and malicious code into Facebook-based applications that directs users to phishing sites." Anyone who has already fallen victim to the scam should uninstall the app immediately (this can be done from the "app" menu in your Facebook settings) and change their Facebook password.