Meta has notified nearly 1 million Facebook users about their credentials that may have been stolen. According to the social media giant, the victims downloaded malicious apps from the Apple App Store and Google Play Store, after which their login details were stolen.

It will be nearly 400 malicious applications, which In a blog post Explicitly, with which the victims’ login details were stolen. Meta has notified Apple and Google of the apps in question. Apple says opposite Bloomberg 45 of the 400 apps can be downloaded via the App Store, with the remaining apps on display in the Play Store. All apps listed by Meta have since been removed from the respective default app platforms.

Roughly 43 percent of the time, these are photo editing apps that supposedly allow users to edit photos or transform themselves into a cartoon character. In many cases, you will be asked to log in via Facebook for more functionality. In this way, criminals can get access to the login details of the victims. VPNs, games, and helper apps like flashlights are also said to be common among malicious apps.

A Meta employee told Bloomberg, “Cybercriminals know how popular such apps are and use similar concepts to trick people into stealing credentials. When an app is too good to be true, like if it has features that haven’t been released to other platforms or social media is promised.” Social, there’s a good chance there’s a grudge.”

Examples of some apps found by Meta with fake Facebook login buttons. Image via Meta