Seemingly helpful script that adds Google Play Store to Windows 11 turns out to be Trojan

Bad things come in good packages.

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

What you need to know

What you need to know

If you’ve downloaded Windows Toolbox from GitHub, bad news: Turns out, it’s a Trojan that’s been quietly messing with your PC. Given the plethora of positive utilities the Toolbox serves, it may come as a shock that it’s actually a vehicle for malware that’ll redirect your URLs, hit you with unsavory Chrome extensions, and more.

The reason the Toolbox got popular was thanks to its advertised features: It shaves down the bloat of Windows 11 and 10 by getting rid of certain preinstalled apps, disabling Cortana and OneDrive, and much more. Furthermore, it sells itself as a solution for a one-click installation of the Google Play Store onWindows 11.

The kicker: Toolbox actually delivers, for the most part. The issue is that it also features PowerShell code that’ll set the stage for malicious scripts to run on your device (viaBleepingComputer). You can see the tool’s GitHub listinghere.

From there, Chromium extensions will be added without your consent, activating revenue harvesting schemes by redirecting you to unwanted promotions as well as referral and affiliate scam URLs. If you believe you’ve been infected, BleepingComputer has a breakdown of steps to remedy the issue, which you can see by clicking the hyperlink up above.

This isn’t the only sneaky, stealth-minded Windows threat to crop up in recent memory. Tarrask malware did a noteworthy-enough job of covering its tracks toget Microsoft’s attention.

Get the Windows Central Newsletter

Get the Windows Central Newsletter

All the latest news, reviews, and guides for Windows and Xbox diehards.

Robert Carnevale is the News Editor for Windows Central. He’s a big fan of Kinect (it lives on in his heart), Sonic the Hedgehog, and the legendary intersection of those two titans, Sonic Free Riders. He is the author ofCold War 2395. Have a useful tip? Send it to robert.carnevale@futurenet.com.