Popular tool that adds Play Store to Windows 11 installs malware
A popular tool with which the Google Play Store can be added to Windows has been found to install malware. The tool installed a trojan clicker and possibly other malware on the user’s computer.
The tool is called Powershell Windows Toolbox and, according to Bleeping Computer, appeared on GitHub last October. It quickly became popular because it allowed users to use the Google Play Store within Windows. In addition, according to its description on GitHub, the tool allowed users to remove bloatware from Windows 11 and even activate Windows and Microsoft Office.
The Play Store feature in particular led many people to pick up and use the tool. This feature was promised when Windows 11 was announced, but it was not available at release. That is why several tools appeared online that made it possible after all.
Now a number of users have discovered that malware is secretly installed using Windows Toolbox. To run the tool, users must enter a command that retrieves a PowerShell script from a Cloudflare Worker. This also allowed the creator of the tool to install malware.
Based on the code that Bleeping Computer has seen, the malware appears to be primarily aimed at generating ad clicks in order to make money. A script was also discovered that sent users to a different site when they went to whatsapp.com. The tool then sent them to fraudulent sites. The tool has since been removed from GitHub.