
Beware Windows Toolbox – It’s Malicious

Windows Toolbox, a popular Windows 11 script used to add the Google Play Store to the Android Subsystem, is covertly infecting users’ systems with malicious scripts, Chrome extensions, and other malware.

When Microsoft announced the introduction of a feature that allows users to run Android apps on Windows, the news excited many users. However, when the feature was eventually released, excitement quickly turned to disappointment as users realized that it didn’t support Google Play.

Enter Windows Toolbox


Around that same time, a new tool called Windows Toolbox was released on GitHub with a host of features, including the ability to install Google Play Store for the Android subsystem. As a result, tech sites quickly jumped on board, enthusiastically promoting Windows Toolbox which, of course, led to it being downloaded by many users.

Windows Toolbox consists of a collection of scripts run through PowerShell and, although it does the job as advertised, it has very recently been discovered that it also contains malicious obfuscated scripts that install a Trojan and potentially other malware on affected devices.

Do not, under any circumstances, download and run Windows Toolbox. And, if you’ve already downloaded and run the scripts, make sure to delete anything and everything associated with this malicious software.

NOTE: Windows Toolbox was recently added to the MajorGeeks download portal as a new download. I’m pretty sure the lads at MajorGeeks have not yet caught up with the news that this is malicious software. I mention this because MajorGeeks is a trusted download source and users therefore might be tempted to trust the software. However, as I said, I am certain the lads at MajorGeeks will remove this item from their listings once they realize it is malicious.

VLC Media Player Hacked


Symantec’s cybersecurity team has revealed that a group of Chinese bad actors, known as Cicada, is adding malicious code into the popular open-source VLC media player and distributing the altered version as a download online. I hasten to add that the original download direct from VideoLAN is clean and perfectly safe, as is the download from reputable/trusted download sites.

I mention this to emphasize a point that has been made here at DCT many times: you should always download software directly from the developer’s website where available and, on the odd occasion where this is not possible, make sure you are downloading from a reputable/trusted source.

Stay safe out there!

5 thoughts on “Beware Windows Toolbox – It’s Malicious”

  1. Jim. Thanks for this update. Getting more difficult to remain safe on the Internet, especially when it comes to software names we know and trust, Mindblower!

  2. Before it was known malware, I ran the Toolbox script. It was just a cut and paste into a PowerShell window for the GUI to appear. Fortunately, I was too late to actually click on any of the buttons. Still, I wonder if just viewing the GUI could have mucked up my system? I haven’t noticed anything buggy and ‘sfc /scannow’ reported no errors, so I guess all is well?

    1. Hey Bromberg,

      If you didn’t run the scripts you should be okay. That said, sfc /scannow is not the correct tool for double-checking. To be on the safe side, you need to run a second opinion malware scanner such as Malwarebytes AntiMalware (free).

    1. Hey John,

      I can confirm that “Windows Repair Toolbox” is not the subject of this article. It and “Windows Toolbox” are completely different software. In fact, I am aware of the developer of Windows Repair Toolbox and he also has another freeware available called “Antivirus Removal Tool” which is a nice tool.

      You are all good mate.
