A series of malicious apps for Android has been discovered in the Google Play Store by a third-party security company, and by the looks of things, all of them were trying to steal Facebook credentials.
The apps, which have more than 2 million downloads combined, attempt to direct people to a fake Facebook login page, essentially collecting the account information and then sending it to a remote server.
Security company Evina says it has already reached out to Google to report the whole thing and all the apps have already been removed.
The most popular malicious app was called Super Wallpapers Flashlight and had more than 500,000 installs from the Google Play Store alone.
Have a look at user reviews in the Play Store
As Evina notes, some of the reviews posted in the Google Play Store for each of the malicious apps indicated there was something wrong with them.