Although MIT rolled out its App Inventor online tool that lets you use a drag-and-drop palette of widgets to create a fully functional Android apps, nefarious elements have latched onto the tool as a way to quickly create malicious Android apps.


Researchers at Malwarebytes have run across several instances where malware was apparently built by App Inventor. One of the examples it found was a fake version of Dr. Web security.

Malwarebytes said these fake apps, appearing to be legitimate, need only be opened to start downloading additional malicious APKs. These could contain all kinds of mischievous code.

The fake apps are spread using phishing links and file sharing services. Typically, they include Dropbox, Google Drive and other such services. The apps tend to be Russian in origin.

To keep yourself safe, it is always best to know where your apps are coming from. The best defense is to never install apps from outside Google Play.