Windows Toolbox, a popular Windows 11 script used to add the Google Play Store to the Android Subsystem, is covertly infecting users’ systems with malicious scripts, Chrome extensions, and other malware.
When Microsoft announced the introduction of a feature that allows users to run Android apps on Windows, the news excited many users. However, when the feature was eventually released, excitement quickly turned to disappointment as users realized that it didn’t support Google Play.
Enter Windows Toolbox
Around that same time, a new tool called Windows Toolbox was released on GitHub with a host of features, including the ability to install Google Play Store for the Android subsystem. As a result, tech sites quickly jumped on board, enthusiastically promoting Windows Toolbox which, of course, led to it being downloaded by many users.
Windows Toolbox consists of a collection of scripts run through PowerShell and, although it does the job as advertised, it has very recently been discovered that it also contains malicious obfuscated scripts that install a Trojan and potentially other malware on affected devices.
Do not, under any circumstances, download and run Windows Toolbox. And, if you’ve already downloaded and run the scripts, make sure to delete anything and everything associated with this malicious software.
- For more information please visit: Windows 11 tool to add Google Play secretly installed malware
NOTE: Windows Toolbox was recently added to MajorGeeks download portal as a new download. I’m pretty sure the lads at MajorGeeks have not yet caught up with the news that this is malicious software. I mention this because MajorGeeks is a trusted download source and users therefore might be tempted to trust the software. However, as I said, I am certain the lads at MajorGeeks will remove this item from their listings once they realize it is malicious.
VLC Media Player Hacked
Symantec’s cybersecurity team has revealed that a group of Chinese bad actors, known as Cicada, is adding malicious code to the popular open-source VLC media player and distributing the altered version as a download online. I hasten to add that the original download direct from VideoLAN is clean and perfectly safe, as is the download from reputable/trusted download sites.
I mention this to emphasize a point that has been made here at DCT many times: you should always download software directly from the developer’s website where available and, on the odd occasion where this is not possible, make sure you are downloading from a reputable/trusted source.
Stay safe out there!
—
Jim. Thanks for this update. Getting more difficult to remain safe on the Internet, especially when it comes to software names we know and trust, Mindblower!
Before it was known malware, I ran the Toolbox script. It was just a cut and paste into a PowerShell window for the GUI to appear. Fortunately, I was too late to actually click on any of the buttons. Still, I wonder if just viewing the GUI could have mucked up my system? I haven’t noticed anything buggy and ‘sfc /scannow’ reported no errors, so I guess all is well?
Hey Bromberg,
If you didn’t run the scripts you should be okay. That said, sfc /scannow is not the correct tool for double-checking. To be on the safe side, you need to run a second opinion malware scanner such as Malwarebytes AntiMalware (free).
Jim,
I would have thought by running ‘sfc’ it would have confirmed that my system files were not corrupt, but running Malwarebytes as a 2nd opinion sounds like a good idea. I’ll keep that in mind for the next time, which no doubt there will be 🙁
Thanks!
Dan
Just want to clarify this is not about “Windows Repair Toolbox” at https://windows-repair-toolbox.com/ because I use it and am happy with it. OK, just checked out your link and am pretty sure it is not “Windows Repair Toolbox”.
Hey John,
I can confirm that “Windows Repair Toolbox” is not the subject of this article. It and “Windows Toolbox” are completely different software. In fact, I am aware of the developer of Windows Repair Toolbox and he also has another freeware available called “Antivirus Removal Tool” which is a nice tool.
You are all good mate.
Hi Jim,
Could you provide a link to the ‘antivirus removal tool’ that you recommended?
Thanks,
Dan
Hey Dan,
Sure, no problem. Here it is: https://antivirus-removal-tool.com/
Didn’t think to try the obvious…thanks, Jim!
Dan
BTW, is there a conflict to simultaneously run the ‘antivirus removal tool’ with Defender? I never know when there is (like Defender with Avast) so is there a rule of thumb for that?
Dan
Hi Jim, I appreciate this article.
However, when researching “windows-repair-toolbox.com legit”, I came across this article. I think it might be worth it to make a quick note that it differs from that website/program for other users :).
Hey Dan,
No conflict at all. Antivirus Removal Tool is portable and is, essentially, an uninstaller.
Great!
Is there any rule of thumb about when there is a conflict with having multiple A/V software installed?
Yes, never install more than one antivirus which includes real-time protection. For example, something like the free version of Malwarebytes AntiMalware will coexist fine with a full-blown antivirus because the real-time protection is disabled and it becomes merely a malware scanner/remover.
So real-time protection is the key.
Thanks for the rule of thumb.
Dan