Beware Windows Toolbox – It’s Malicious

Windows Toolbox, a popular Windows 11 script used to add the Google Play Store to the Android Subsystem, is covertly infecting users’ systems with malicious scripts, Chrome extensions, and other malware.

When Microsoft announced the introduction of a feature that allows users to run Android apps on Windows, the news excited many users. However, when the feature was eventually released, excitement quickly turned to disappointment as users realized that it didn’t support Google Play.

Enter Windows Toolbox

Around that same time, a new tool called Windows Toolbox was released on GitHub with a host of features, including the ability to install Google Play Store for the Android subsystem. As a result, tech sites quickly jumped on board, enthusiastically promoting Windows Toolbox which, of course, led to it being downloaded by many users.

Windows Toolbox consists of a collection of scripts run through PowerShell and, although it does the job as advertised, it has very recently been discovered that it also contains malicious obfuscated scripts that install a Trojan and potentially other malware on affected devices.

Do not, under any circumstances, download and run Windows Toolbox. If you’ve already downloaded and run the scripts, make sure to delete anything and everything associated with this malicious software.

NOTE: Windows Toolbox was recently added to the MajorGeeks download portal as a new download. I’m pretty sure the lads at MajorGeeks have not yet caught up with the news that this is malicious software. I mention this because MajorGeeks is a trusted download source and users therefore might be tempted to trust the software. However, as I said, I am certain the lads at MajorGeeks will remove this item from their listings once they realize it is malicious.

VLC Media Player Hacked

Symantec’s cybersecurity team has revealed that a group of Chinese bad actors, known as Cicada, is adding malicious code to the popular open-source VLC media player and distributing the altered version as a download online. I hasten to add that the original download direct from VideoLAN is clean and perfectly safe, as is the download from reputable/trusted download sites.

I mention this to emphasize a point that has been made here at DCT many times; you should always download software directly from the developer’s website where available and, on the odd occasion where this is not possible, make sure you are downloading from a reputable/trusted source.

Stay safe out there!

15 thoughts on “Beware Windows Toolbox – It’s Malicious”

  1. Jim. Thanks for this update. Getting more difficult to remain safe on the Internet, especially when it comes to software names we know and trust, Mindblower!

  2. Before it was known malware, I ran the Toolbox script. It was just a cut and paste into a PowerShell window for the GUI to appear. Fortunately, I was too late to actually click on any of the buttons. Still, I wonder if just viewing the GUI could have mucked up my system? I haven’t noticed anything buggy and ‘sfc /scannow’ reported no errors, so I guess all is well?

    1. Hey Bromberg,

      If you didn’t run the scripts you should be okay. That said, sfc /scannow is not the correct tool for double-checking. To be on the safe side, you need to run a second opinion malware scanner such as Malwarebytes AntiMalware (free).

      1. Jim,
        I would have thought by running ‘sfc’ it would have confirmed that my system files were not corrupt, but running Malwarebytes as a 2nd opinion sounds like a good idea. I’ll keep that in mind for the next time, which no doubt there will be 🙁

    1. Hey John,

      I can confirm that “Windows Repair Toolbox” is not the subject of this article. It and “Windows Toolbox” are completely different software. In fact, I am aware of the developer of Windows Repair Toolbox and he also has another freeware available called “Antivirus Removal Tool” which is a nice tool.

      You are all good mate.

      1. Hi Jim,
        Could you provide a link to the ‘antivirus removal tool’ that you recommended?

        1. BTW, is there a conflict to simultaneously run the ‘antivirus removal tool’ with Defender? I never know when there is (like Defender with Avast) so is there a rule of thumb for that?

      2. Hi Jim, I appreciate this article.

        However, when researching “ legit”, I came across this article. I think it might be worth it to make a quick note that it differs from that website/program for other users :).

    1. Great!
      Is there any rule of thumb about when there is a conflict with having multiple A/V software installed?

      1. Yes- never install more than one antivirus which includes real time protection. For example; something like the free version of Malwarebytes AntiMalware will coexist fine with a full-blown antivirus because the real time protection is disabled and it becomes merely a malware scanner/remover.
