A popular mobile app in the official Google Play store called “Craftsart Cartoon Photo Tools” has racked up more than 100,000 installs – but unfortunately for the app’s enthusiasts, it contains a version of the Facestealer Android malware.

That’s according to researchers at Pradeo, who said the app performs somewhat as promised, pretending to be a legitimate photo editing tool. Specifically, it claims to allow users to convert photos into cartoon or “painting”-style versions using a few different filters. However, behind this mask lies a “small piece of [malicious] code that easily slips under the radar of store’s safeguards,” they explained.

Facestealer is a known Android threat that has made its way into Google Play in the past via trojanized apps. According to past Malwarebytes analysis, when the application is first launched, it guides the user to the legitimate main Facebook login page and asks users to log in before they can use the app. Then, “injected malicious JavaScript steals the login credentials and sends them to a command-and-control server,” according to the firm. “The C2 server makes use of login credentials to authorize access to the [account].”