Seemingly helpful script that adds Google Play Store to Windows 11 turns out to be Trojan

Google Play Games On Windows Pcs Image
Google Play Games On Windows Pcs Image (Image credit: Google)

What you need to know

  • Windows Toolbox is advertised as a debloater for Windows 11 and 10, as well as an easy way to get the Google Play Store on Windows 11.
  • It's been discovered that this helpful Toolbox utility is, in fact, a Trojan.
  • The Toolbox serves its advertised functions despite the fact that it creates headaches such as redirecting web-surfing users to scam URLs.

If you've downloaded Windows Toolbox from GitHub, bad news: Turns out, it's a Trojan that's been quietly messing with your PC. Given the plethora of positive utilities the Toolbox serves, it may come as a shock that it's actually a vehicle for malware that'll redirect your URLs, hit you with unsavory Chrome extensions, and more.

The reason the Toolbox got popular was thanks to its advertised features: It shaves down the bloat of Windows 11 and 10 by getting rid of certain preinstalled apps, disabling Cortana and OneDrive, and much more. Furthermore, it sells itself as a solution for a one-click installation of the Google Play Store on Windows 11.

The kicker: Toolbox actually delivers, for the most part. The issue is that it also features PowerShell code that'll set the stage for malicious scripts to run on your device (via BleepingComputer). You can see the tool's GitHub listing here.

Obfuscated Powershell Code

Source: BleepingComputer (Image credit: Source: BleepingComputer)

From there, Chromium extensions will be added without your consent, activating revenue harvesting schemes by redirecting you to unwanted promotions as well as referral and affiliate scam URLs. If you believe you've been infected, BleepingComputer has a breakdown of steps to remedy the issue, which you can see by clicking the hyperlink up above.

This isn't the only sneaky, stealth-minded Windows threat to crop up in recent memory. Tarrask malware did a noteworthy-enough job of covering its tracks to get Microsoft's attention.

Robert Carnevale

Robert Carnevale is the News Editor for Windows Central. He's a big fan of Kinect (it lives on in his heart), Sonic the Hedgehog, and the legendary intersection of those two titans, Sonic Free Riders. He is the author of Cold War 2395. Have a useful tip? Send it to robert.carnevale@futurenet.com.