Blog

Google Play store is the home to millions of online and offline mobile games. According to Statista's report, in 2023, the global mobile game segment will become a US$ 315.90 billion market and US$ 419.70 billion by 2027. With the advent of Android and Android smartphones, numerous mobile gaming companies have emerged. But not all games are secure as we think. Some of them scam users with deceptive reward apps and phishing games.

These phishing games carve a space for themselves in the store by masquerading as harmless gaming apps, gathering millions of downloads. Then, they start compromising users' security and privacy. Research has discovered that gaming and reward apps deceitfully steal data and user information.

What are reward apps? 

Reward and cashback apps are regular mobile apps that save a tiny amount of users' hard-earned cash. We all connect such reward apps with our pay wallet, e-wallet, or bank accounts so that the reward or cashback gets directly credited to our e-wallet or bank accounts. Reward apps can be health or fitness instruction apps, pedometers, or good habit-building apps. Security researchers have found that cybercriminals perform malicious actions through these reward apps, using them to steal sensitive user information.  

The dangers of reward apps and phishing games 

Security researchers have identified new scam activities that have recently found massive success on Google Play. Scammers use reward and gaming apps as phishing tools to steal user details. Since these apps are officially on the Android app store, millions have already downloaded them. These reward apps promise users random rewards if they stay active daily or reach distance goals. As per the Dr. Web antivirus research report, the rewards are impossible to cash out. Sometimes, the app allows users to cash out after forcing them to watch numerous advertisements one after another.

Some malicious apps, as listed in the research report, are: 

• WalkingJoy – 5 million downloads 

• Lucky Step: Walking Tracker – 10 million downloads 

• Lucky Habit: health tracker – 5 million downloads 

According to Dr. Web's report, these three apps transmit data to the same remote server address. It indicates that the same operator/developer is handling these apps. The report says that these reward apps do not allow cash withdrawals without users gathering a significant reward amount. These reward app scams will keep pushing multiple ads before enabling withdrawal. Researchers also found that these reward apps and phishing games leverage misleading advertising practices by tempting people into downloading malicious apps and adware. 

Some of these reward apps also contain malware. These apps get remotely monitored and engage in other malicious activities, such as stealing financial/bank account details and hacking into users' social media accounts. These apps can lead to financial losses or even degrade someone's online reputation through social media account breaching. It highlights that users should remain more watchful about the apps they use, especially those claiming to offer rewards. 

The report by Dr. Web warns that they found phishing apps disguised as mobile games and investment apps on Google Play. These apps have already gathered 450,000 downloads. These apps contain direct phishing forms and pages requiring users to enter sensitive details.

As per the report, some malicious phishing games are: 

• Lux Fruits Game – 10,000 downloads 

• Golden Hunt – 100,000 downloads 

• Lucky Clover – 10,000 downloads 

• Reflector – 100,000 downloads 

• Big Decisions – 50,000 downloads 

• Jewel Sea – 10,000 downloads 

• Unlimited Score – 50,000 downloads 

• Lucky Hammer – 1,000 downloads 

• Seven Golden Wolf blackjack – 100,000 downloads 

• King Blitz – 5,000 downloads 

A lot of these apps are still available in the Google Play store. Google has expressed concern about these questionable apps and has taken some steps to combat these malicious reward apps and phishing game tools. It removed some apps and banned the companies or developers for violating its policies. However, new reward apps and games continue to emerge.

Preventative measures

It is essential to be vigilant when downloading apps - even from the official Google Play store. Cyber attacks, especially those involving reward apps and phishing games, can cause significant harm if users are not careful. Users should always read reviews about an app before using it or installing it on their device. You should also exercise caution when providing personal details or financial information in any app. It is better to opt for a verified and secure platform rather than install an unknown game or reward app from Google Play.

If you have any of the games mentioned above or reward apps installed on your system, it is recommended that you uninstalled them and ensure there are no traces of the apps left.