Bad batch of Android apps with millions of downloads discovered in Play Store — delete them now

If you needed another reminder that you need to be careful when downloading new apps for your Android smartphone, a new report has shed light on a number of misleading apps as well as several phishing apps that you need to look out for.

Even though Google imposes strict security restrictions on the Play Store, bad apps still manage to slip through the cracks from time to time, which is why you should think twice before installing any app on your devices.

According to a report from the antivirus maker Dr. Web, rewards apps with millions of downloads don’t actually pay out, while 10 investment apps and mobile games with over 450,000 downloads are actually phishing apps in disguise.

Shady rewards apps

As reported by BleepingComputer, Dr. Web found several shady pedometer apps that offer financial rewards to users for staying active and meeting their daily distance goals. Of these pedometer apps, the three listed below have 20 million downloads combined:

  • Lucky Step - Walking Tracker - 10 million downloads
  • WalkingJoy - 5 million downloads
  • Lucky Habit: health tracker - 5 million downloads

Based on findings from the report, all three apps likely have the same owner/developer since they all communicate with the same remote server address. They are also all still available to download from the Play Store at the time of writing.
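The shared-server reasoning above can be sketched as a small clustering check. This is an added example, not code from Dr. Web or BleepingComputer; the package names, hosts and the `max_prevalence` threshold are constructed assumptions for illustration.

```python
from collections import defaultdict

# Constructed sample data: (app package, host contacted) pairs, as might be
# pulled from per-app DNS or proxy logs on a test device. All names are
# placeholders; none come from the Dr. Web report.
OBSERVED = [
    ("com.example.steps_a", "ads.sdk.example"),
    ("com.example.steps_a", "api.rewards-backend.example"),
    ("com.example.steps_b", "ads.sdk.example"),
    ("com.example.steps_b", "API.rewards-backend.example."),
    ("com.example.steps_c", "ads.sdk.example"),
    ("com.example.steps_c", "api.rewards-backend.example"),
    ("com.example.notes", "ads.sdk.example"),
    ("com.example.notes", "sync.notes.example"),
    ("com.example.weather", "ads.sdk.example"),
    ("com.example.weather", "api.weather.example"),
]


def shared_backends(observed, max_prevalence=0.75):
    """Map each host seen in 2+ apps to those apps, skipping hosts contacted by
    more than max_prevalence of all apps (likely third-party SDKs, which are
    not evidence of a common developer)."""
    apps_by_host = defaultdict(set)
    all_apps = set()
    for app, host in observed:
        # Normalise case and a trailing root dot so one host is not counted twice.
        apps_by_host[host.lower().rstrip(".")].add(app)
        all_apps.add(app)
    clusters = {}
    for host, apps in apps_by_host.items():
        prevalence = len(apps) / len(all_apps)
        if len(apps) >= 2 and prevalence <= max_prevalence:
            clusters[host] = sorted(apps)
    return clusters


if __name__ == "__main__":
    for host, apps in shared_backends(OBSERVED).items():
        print(host, "->", ", ".join(apps))
```

A host that every app contacts, such as an ad SDK endpoint, is filtered out, so only the backend shared by the three pedometer-style placeholders remains as a link between them.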

While these pedometer apps offer monetary rewards to their users, the apps themselves don’t allow them to make any withdrawals until after they’ve reached a certain amount of rewards. However, even after doing this, users of these apps need to watch a dozen ads before they can unlock their rewards. At the same time, watching additional ads is offered as a way to speed up the withdrawal process.

Although these apps aren’t as dangerous as the phishing ones detailed below, this is a form of adware which is against Google’s policies and misleads users into thinking they can earn rewards by having and using these apps on their Android smartphones. Adware apps like these can also slow down your phone and quickly drain your battery.

Phishing apps in disguise

In addition to these shady pedometer apps, Dr. Web also found a number of investment apps and games that are actually malicious since they steal data from users through phishing.

In total, these 10 apps have over 450,000 downloads combined and you should delete them immediately if you have any of them installed on your smartphone. Here’s the full list of malicious apps found by Dr. Web:

  • Golden Hunt – 100,000 downloads
  • Reflector – 100,000 downloads
  • Seven Golden Wolf blackjack – 100,000 downloads
  • Unlimited Score – 50,000 downloads
  • Big Decisions – 50,000 downloads
  • Jewel Sea – 10,000 downloads
  • Lux Fruits Game – 10,000 downloads
  • Lucky Clover – 10,000 downloads
  • King Blitz – 5,000 downloads
  • Lucky Hammer – 1,000 downloads

Fortunately, the majority of these apps have already been removed from the Play Store, with the exception of Seven Golden Wolf blackjack, which is still available to download at the time of writing.

After being installed on a potential victim’s smartphone, these apps connect to a remote server to receive instructions on how to collect their data. This is done by loading phishing sites that ask users to enter sensitive information about themselves.

How to stay safe from malicious apps

Even though most of the apps in question have been removed from the Play Store, you still need to manually delete them if you have any of these bad apps on your smartphone or tablet.

Before you install any new app on one of the best Android phones, you should first check its rating and read any reviews available in the Play Store. However, as app reviews can be faked, you should also look for external reviews or, better yet, video reviews showing the app in question in action.

While the best Android antivirus apps can protect you from bad apps spreading malware, detecting misleading apps or ones that can lead you to phishing pages is a bit more difficult. For this reason, you need to exercise caution when downloading and installing new apps. Likewise, you should also ensure that Google Play Protect is enabled on your Android devices as this built-in app scans all of your existing apps and any new ones you download for malware.

For the most part though, if an app seems too good to be true, it probably is. Offering rewards is just one of the ways in which scammers try to lure potential victims to their bad apps. By limiting the number of apps installed on your devices and deleting ones you no longer use, you can help protect your smartphone and the sensitive data it contains.

Anthony Spadafora
Senior Editor Security and Networking