At least 40,000 Facebook accounts have been infected with malware disguised as a painting application, The Hill is reporting.

The Hill attributed its information to the data security firm Radware and said hackers are using the malware to get credentials, payment methods and other information from Facebook accounts across the world.

The hackers are reportedly going after Facebook users by phishing emails or sending information straight to Facebook accounts. The Facebook users are directed to a fraudulent website and prompted to download an application.

The malware is disguised as a painting application. Once downloaded, it runs a malware called “Stresspaint,” which allows hackers to steal the Facebook users’ information.

The researchers noted the high infection rate indicated it was developed professionally, according to the Hill.

Facebook is still dealing with the fallout over reports millions of users’ personal information was wrongly harvested from the social media giant by Cambridge Analytica, a political consultancy. A recent estimate put the number of affected users at 87 million.

Excellent content provided by