Cybersecurity researchers at Dr. Web found half a dozen mobile apps lurking in Google’s Play Store that are actually distributing information thieves (opens in new tab)adware and other forms of malware via Android (opens in new tab) applications that between them have more than two million downloads.

Researchers found five malicious apps, including PIP Pic Camera Photo Editor, a malicious app with over a million downloads pretending to be image editing software. In reality, it steals people’s Facebook credentials.