A new report reminds us to be careful when downloading new apps to our Android smartphones.

Despite Google's strict security restrictions on the Play Store, malicious apps occasionally slip through the cracks.

According to a report (opens in new tab) from antivirus maker Dr. Web, millions of downloads of reward apps don't actually pay, and 10 investment apps and mobile games with over 450,000 downloads are actually phishing apps in disguise.

As reported by BleepingComputer (opens in new tab), Dr. Web found several questionable pedometer apps that offer financial rewards to users who stay active and meet daily distance goals. Of these pedometer apps, the following three have been downloaded a total of 20 million times:

According to the report's findings, all three apps communicate with the same remote server address, making it likely that they are the same owner/developer. Also, as of this writing, all are still available for download from the Play Store.

While these pedometer apps offer monetary rewards to users, the apps themselves do not allow withdrawals until a certain reward amount is reached. Even then, however, users of these apps must view the ads dozens of times before unlocking the reward. At the same time, additional ad viewing is offered as a way to speed up the withdrawal process.

While these apps are not as dangerous as the phishing detailed below, this is a type of adware that violates Google's policies and misleads users into believing that they can earn rewards by loading and using these apps on their Android smartphones. These adware apps slow down smartphones and drain batteries rapidly.

In addition to these shady pedometer apps, Dr.Web has also found a number of actually malicious investment apps and games that steal data from users through phishing.

The total number of downloads for these 10 apps exceeds 450,000, so if you have any of these apps installed on your smartphone, you need to remove them immediately. Here is the full list of malicious apps that Dr.Web discovered:

Fortunately, Most of these apps have already been removed from the Play Store, with the exception of Seven Golden Wolf Blackjack, which is still available for download as of this writing.

After being installed on a potential victim's smartphone, these apps connect to a remote server and receive instructions on how to collect data. This is done by loading a phishing site that asks users to enter sensitive information about themselves.

While most of the apps in question have been removed from the Play Store, if you have these malicious apps on your smartphone or tablet, you still need to remove them manually.

Before installing a new app on your best Android phone, you should first check its ratings and read the reviews available in the Play Store. However, since app reviews can be faked, you should also look for outside reviews and video reviews that show how the app in question works.

The best Android antivirus apps can protect you from malicious apps that spread malware, but detecting misleading apps or apps that direct you to phishing pages is a little harder. So be careful when downloading and installing new apps. Likewise, you should make sure that Google Play Protect is enabled on your Android device. The built-in app scans all existing and newly downloaded apps for malware.

However, in most cases, if an app seems too good to be true, it probably is. Offering rewards is just one way scammers try to lure potential victims into malicious apps. Limiting the number of apps you install on your device and removing apps you no longer use can help protect your smartphone and the sensitive data it contains.