20 Million Downloads In Shady Rewards Apps Via Google Play

By   Adeola Adegunwa
Writer , Informationsecuritybuzz | Jan 30, 2023 02:39 am PST

A new class of activity-tracking apps that have recently had significant success on Google Play, the official software store for Android, has been downloaded onto more than 20 million devices. The apps present themselves as a pedometer, fitness, and habit-building tools, promising to award users randomly for maintaining an active lifestyle, achieving distance targets, etc.

But, according to a report by the Dr. Web antivirus, the prizes could be difficult to redeem or are only partially made accessible after requiring users to watch a lot of advertising.

According to Dr. Web’s report, these are three noteworthy examples:

  • Walking tracker Lucky Step has 10 million downloads.
  • 5 million downloads of WalkingJoy.
  • A health tracker with 5 million downloads is my lucky habit.

According to Dr. Web, all three apps communicate with the same remote server address, pointing to a single operator/developer. All three are still available on Google Play as of this writing. Based on the antivirus company, the apps do not permit withdrawals before users have racked up a sizable number of points. Even then, they guarantee that consumers will unlock “profits” after watching a dozen promotional videos.

The apps purportedly push even more advertising following a round of seeing them in order to “speed up” the withdrawal process. Dr. Web further points out that a previous version of “Lucky Step – Walking Tracker” allowed users to convert in-app prizes into gift cards that could be used to make purchases at actual internet retailers.

However, this feature has been removed from the settings in more recent versions of the program. Thus, it is still being determined what the rewards can now be converted to.

“Lucky Step – Waling Tracker,” according to user evaluations posted on Google Play, acts like adware, loading full-screen ads upon screen unlock and even replacing active windows. Another example of a related product that is still available on Google Play is “Wonder Time,” a rewards app with 500,000 downloads.

According to the application, users will earn real money for doing tasks, including downloading and installing additional software and video games. However, the developer’s lowest revenue withdrawal threshold dwarfs the tokens users earn for each action.

Phishing Games With The Wondertime App From Google Play 

In the same research, Dr. Web issued a warning about the over 450,000 downloads of phishing apps on Google Play that were passed off as investment apps and games.

The app launches by connecting to a remote server, where they receive a configuration that tells them what to do. The instructions typically involve opening phishing pages that ask visitors to provide sensitive information.

The following list includes the harmful game apps that Dr. Web found:

  • 100,000 downloads of Golden Hunt
  • 100,000 downloads of Reflector
  • Blackjack with Seven Golden Wolf – 100,000 downloads (still on Google Play)
  • Score Unlimited – 50,000 downloads
  • 50,000 downloads of “Big Decisions.”
  • 10,000 downloads of Jewel Sea
  • Game Lux Fruits: 10,000 downloads
  • 10,000 downloads of Lucky Clover
  • 5,000 downloads of King Blitz
  • 1,000 downloads of Lucky Hammer
  • A harmful game that is still available on Google Play

If any of the aforementioned phishing apps are already installed on your Android device, you should uninstall them right once. After that, conduct an antivirus scan to find and get rid of any leftovers. Google has been questioned regarding the security of the apps that are still available on the Play Store.


In recent months, a new class of activity-tracking apps has been downloaded on over 20 million devices from Google Play, the official software store for Android. The apps present themselves as a pedometer, habit-building, and fitness tools, promising to reward users randomly for staying active, exceeding distance targets, and other things. However, a report by the Dr. Web antivirus claims that the prizes might be impossible to redeem or might only be partially made available after requiring consumers to view a lot of advertising.

Notify of
0 Expert Comments
Inline Feedbacks
View all comments

Recent Posts

Would love your thoughts, please comment.x