Online social networks (OSNs) are ubiquitous attracting millions of users all over the world. Being a popular communication media OSNs are exploited in a variety of cyber attacks. In this article, we discuss the Chameleon attack technique, a new type of OSN-based trickery where malicious posts and profiles change the way they are displayed to OSN users to conceal themselves before the attack or avoid detection. Using this technique, adversaries can, for example, avoid censorship by concealing true content when it is about to be inspected; acquire social capital to promote new content while piggybacking a trending one; cause embarrassment and serious reputation damage by tricking a victim to like, retweet, or comment a message that he wouldn't normally do without any indication for the trickery within the OSN. An experiment performed with closed Facebook groups of sports fans shows that (1) Chameleon pages can pass by the moderation filters by changing the way their posts are displayed and (2) moderators do not distinguish between regular and Chameleon pages. We list the OSN weaknesses that facilitate the Chameleon attack and propose a set of mitigation guidelines.

中文翻译：

---

变色龙攻击：操纵在线社交媒体中的内容显示

在线社交网络 (OSN) 无处不在，吸引了全球数百万用户。作为流行的通信媒体，OSN 被用于各种网络攻击。在本文中，我们将讨论变色龙攻击技术，这是一种基于 OSN 的新型诡计，恶意帖子和个人资料会改变它们向 OSN 用户显示的方式，以在攻击前隐藏自己或避免检测。例如，使用这种技术，攻击者可以通过隐藏即将被检查的真实内容来避免审查；获得社会资本以推广新内容，同时搭载热门内容；通过欺骗受害者点赞、转发或评论他通常不会在 OSN 中没有任何欺骗迹象的情况下做的消息，从而造成尴尬和严重的声誉损害。对封闭的 Facebook 体育迷群体进行的一项实验表明，(1) Chameleon 页面可以通过改变帖子的显示方式来绕过审核过滤器，(2) 版主不区分常规页面和 Chameleon 页面。我们列出了促进变色龙攻击的 OSN 弱点，并提出了一套缓解指南。