Powershell Windows Toolbox injected malware on Windows 11

If you used Powershell Windows Toolbox to install Google Play Store on Windows 11 when Windows Subsystem for Android was released, we have a huge warning for you. Spotted by the folks at Bleeping Computer, it turns out that the third-party tool may have injected malware into your system.

Once hosted on Github, and since removed, the app promised to unlock Windows as well as install the Google Play Store with just a few clicks. However, it turns out that it was actually a virus, which ran hidden PowerShell scripts in the background of Windows 11 and installed a so-called clicker trojan.

Did you use Powershell Windows Toolbox to install the Google Play Store on Windows 11?  You may have received malware - OnMSFT.com - April 15, 2022

This clicker trojan then contacted various Cloudflare-hosted servers and executed its own commands to exfiltrate files from your device or redirect you to fraudulent URLs. All of this was enabled by the tool's own installation instructions and launch script. Beyond letting the app do what it wanted, the script also created hidden folders in Windows 11 and installed unwanted Chrome extensions.

Bleeping Computer has a great summary of folders in C:\systemfile that you might want to delete if you were using this app. You can also try your luck by installing Windows cleanly or restoring from a backup before you first installed the tool.
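As an added triage check (not from the article, OnMSFT, or Bleeping Computer), the PowerShell function below reports whether the C:\systemfile directory mentioned above exists, lists any hidden items inside it, and lists the Chrome extension IDs installed in the default profile so you can compare them against what you installed on purpose. The Chrome extensions path is an assumption about the default profile location.

```powershell
# Added triage check, not part of the original article or the toolbox project.
# Assumptions: C:\systemfile is the location named in the article; the Chrome
# extensions folder is the default-profile location and may differ on your system.
function Get-ToolboxTriage {
    [CmdletBinding()]
    param(
        [string]$SuspectRoot = 'C:\systemfile',
        # Assumed default Chrome profile; adjust for other profiles or browsers.
        [string]$ChromeExtensions = (Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data\Default\Extensions')
    )

    $result = [ordered]@{
        SuspectRootExists  = Test-Path -LiteralPath $SuspectRoot
        HiddenItems        = @()
        ChromeExtensionIds = @()
    }

    if ($result.SuspectRootExists) {
        # -Force includes hidden and system items that a plain listing would skip.
        $result.HiddenItems = Get-ChildItem -LiteralPath $SuspectRoot -Recurse -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.Attributes -band [System.IO.FileAttributes]::Hidden } |
            Select-Object FullName, Attributes, LastWriteTime
    }

    if (Test-Path -LiteralPath $ChromeExtensions) {
        # Each subfolder name is a Chrome extension ID; review any you do not recognise.
        $result.ChromeExtensionIds = (Get-ChildItem -LiteralPath $ChromeExtensions -Directory).Name
    }

    [pscustomobject]$result
}

$triage = Get-ToolboxTriage
if ($triage.SuspectRootExists) {
    Write-Warning "$($triage.SuspectRootExists): C:\systemfile is present; review the listed items before deleting anything."
}
$triage | Format-List
```

The function only reads and reports; deleting the folders Bleeping Computer lists, or restoring from a pre-install backup, remains a separate step you take after reviewing the output.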

As we say every time, always be careful when downloading tools that claim to modify Windows. Keep your antivirus updated and never download programs from sources you don't trust.
