Bad batch of Android apps with millions of downloads discovered in Play Store — delete them now

A picture of a skull and bones on a smartphone depicting malware
(Image credit: Shutterstock)

If you needed another reminder that you need to be careful when downloading new apps for your Android smartphone, a new report has shed light on a number of misleading apps as well as several phishing apps that you need to look out for.

Even though Google imposes strict security restrictions on the Play Store, bad apps still manage to slip through the cracks from time to time which is why you should think twice before installing any app on your devices.

According to a report from the antivirus maker Dr. Web, rewards apps with millions of downloads don’t actually pay out while 10 investment apps and mobile games with over 450,000 downloads are actually phishing apps in disguise.

Shady rewards apps

As reported by BleepingComputer, Dr. Web found several shady pedometer apps that offer financial rewards to users for staying active and meeting their daily distance goals. Of these pedometer apps, the three listed below have 20 million downloads combined:

  • Lucky Step - Walking Tracker - 10 million downloads
  • WalkingJoy - 5 million downloads
  • Lucky Habit: health tracker - 5 million downloads

Based on findings from the report, all three apps likely have the same owner/developer since they all communicate with the same remote server address. They are also all still available to download from the Play Store at the time of writing.

While these pedometer apps offer monetary rewards to their users, the apps themselves don’t allow them to make any withdrawals until after they’ve reached a certain amount of rewards. However, even after doing this, users of these apps need to watch a dozen ads before they can unlock their rewards. At the same time, watching additional ads is offered as a way to speed up the withdrawal process.

Although these apps aren’t as dangerous as the phishing ones detailed below, this is a form of adware which is against Google’s policies and misleads users into thinking they can earn rewards by having and using these apps on their Android smartphones. Adware apps like these can also slow down your phone and quickly drain your battery.

Phishing apps in disguise

Fish hook on a keyboard

(Image credit: Shutterstock)

In addition to these shady pedometer apps, Dr. Web also found a number of investment apps and games that are actually malicious since they steal data from users through phishing.

In total, these 10 apps have over 450,000 downloads combined and you should delete them immediately if you have any of them installed on your smartphone. Here’s the full list of malicious apps found by Dr. Web:

  • Golden Hunt – 100,000 downloads
  • Reflector – 100,000 downloads
  • Seven Golden Wolf blackjack – 100,000 downloads
  • Unlimited Score – 50,000 downloads
  • Big Decisions – 50,000 downloads
  • Jewel Sea – 10,000 downloads
  • Lux Fruits Game – 10,000 downloads
  • Lucky Clover – 10,000 downloads
  • King Blitz – 5,000 downloads
  • Lucky Hammer – 1,000 downloads

Fortunately, the majority of these apps have been removed from the Play Store already with the exception of Seven Golden Wolf blackjack which is still available to download at the time of writing.

After being installed on a potential victim’s smartphone, these apps connect to a remote server to receive instructions on how to collect their data. This is done by loading phishing sites that ask users to enter sensitive information about themselves.

How to stay safe from malicious apps

A hand holding a phone securely logging in

(Image credit: Google)

Even though most of the apps in question have been removed from the Play Store, you still need to manually delete them if you have any of these bad apps on your smartphone or tablet.

Before you install any new app on one of the best Android phones, you should first check its rating and read any reviews available in the Play Store. However, as app reviews can be faked, you should also look for external reviews or better yet, video reviews showing the app in question in action.

While the best Android antivirus apps can protect you from bad apps spreading malware, detecting misleading apps or ones that can lead you to phishing pages is a bit more difficult. For this reason, you need to exercise caution when downloading and installing new apps. Likewise, you should also ensure that Google Play Protect is enabled on your Android devices as this built-in app scans all of your existing apps and any new ones you download for malware.

For the most part though, if an app seems too good to be true, it probably is. Offering rewards is just one of the ways in which scammers try to lure potential victims to their bad apps. By limiting the number of apps installed on your devices and deleting ones you no longer use, you can help protect your smartphone and the sensitive data it contains.

Anthony Spadafora
Managing Editor Security and Home Office

Anthony Spadafora is the managing editor for security and home office furniture at Tom’s Guide where he covers everything from data breaches to password managers and the best way to cover your whole home or business with Wi-Fi. He also reviews standing desks, office chairs and other home office accessories with a penchant for building desk setups. Before joining the team, Anthony wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home. 

Read more
Green skull on smartphone screen.
Hackers are using the Amazon Appstore to spread malware — delete this malicious app now
Google Play logo on an android smartphone with corner hole punch camera
At least 5 North Korean spy apps have been found on Google Play — what you need to know
An image of a Google Android robot
Google blocked over 2.5 million suspicious Android apps from the Play Store last year
A smartphone screen displaying the Android name and logo next to a sign reading 'MALWARE'.
Fake Google Play Store pages are spreading Trojan malware that can steal your financial data
and image of the Google Chrome logo on a laptop
Popular Chrome extensions hijacked by hackers in widespread cyberattack — 3.2 million at risk
One phone with skull and crossbones on screen among several other clean-looking phones.
Malicious iPhone apps are spreading screenshot-reading malware on the Apple App Store — how to stay safe
Latest in Online Security
A hacker typing quickly on a keyboard
New MassJacker malware is hijacking digital wallets to steal large sums from users
A woman using her laptop securely with a cup of coffee in hand
5 common mistakes people make when shopping for antivirus software
Windows
240 million Windows 10 users are vulnerable to six different hacker exploits — protect yourself now
Victims of Identity Theft
FTC says Americans lost $12 billion to scams last year and these were the worst ones — here's how to stay safe
Apple iPhone 16 Plus Review.
Apple just released an emergency security update for a flaw used in an ‘extremely sophisticated attack’ — update your devices right now
A person trying to set up a new Wi-Fi router
Thousands of TP-Link routers have been infected by a botnet to spread malware
Latest in News
Samsung HW-Q990D soundbar
Samsung’s flagship 2024 soundbar just got bricked by a new firmware update — don’t update
A hacker typing quickly on a keyboard
New MassJacker malware is hijacking digital wallets to steal large sums from users
Owen Cooper as Jamie Miller in Adolescence
'Adolescence' is a gripping new Netflix show that's already hit No. 1 — and it’s 100% on Rotten Tomatoes
Leslie Bibb in The White Lotus season 3
Last night's 'White Lotus' cameo is less surprising than you think
Garmin Fenix 8 Sleep
New data reveals the average Garmin sleep score — do you sleep better or worse than most people?
Miele Guard L1 smart vacuum cleaner
Miele has launched its first vacuum cleaner with Wi-Fi — and it’s a game changer