A Windows 11 tool to enable the Google Play Store was actually malware

The sketchy tool also created a hidden folder, copied your browser data, and redirected users to questionable links.
April 18, 2022
TL;DR
  • A third-party tool that installed the Play Store on Windows 11 PCs also brought a variety of other nasty additions.
  • Windows Toolbox installed a malicious Chrome extension and sketchy scripts.
  • The extension redirected users to questionable affiliate and referral links.

Microsoft launched Windows 11 late last year, and the most notable addition was Android app support via the Amazon AppStore. Users can sideload apps with some effort, but there were also several unofficial ways to install the Google Play Store.

One of these solutions, dubbed Windows Toolbox, installs the Play Store, debloats Windows 11, and offers several more features. However, Bleeping Computer has reported that Windows Toolbox actually infected users’ computers with malicious Chrome extensions, questionable scripts, and possibly other malware as well.

What does this tool actually do?

The outlet explained that the tool was actually a trojan that executed hidden PowerShell scripts. These scripts created scheduled tasks in Windows 11 that performed actions such as killing processes and creating other tasks. It also created a hidden c:\systemfile folder and then copied the default Chrome, Edge, and Brave browser profiles to this folder.

A malicious Chromium extension was also created in this hidden folder, uploading the victim’s geographic information while also redirecting the user to affiliate and referral links. More specifically, Bleeping Computer reported that users visiting whatsapp.com would be redirected to URLs associated with “make money” scams, unwanted apps and games, and browser notification scams.

Users were advised to check for the existence of these suspicious scheduled tasks and the hidden systemfile folder if they thought their PC was infected. You’ll then want to delete the scheduled tasks, associated Python files, and the folder in question.
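
The check described above can be scripted as a read-only triage pass. This is an added example, not code from Bleeping Computer or the tool's author; it assumes the malicious scheduled tasks reference the hidden folder in their action, and because the article does not name the tasks, none are hard-coded (the function names are hypothetical).

```powershell
# Read-only triage for the indicators named in the article. Nothing is deleted.
$IocFolder = 'C:\systemfile'   # hidden folder reported in the article

function Get-HiddenFolderFinding {
    param([string]$Path)
    # -Force is required: hidden/system items are skipped without it.
    $item = Get-Item -LiteralPath $Path -Force -ErrorAction SilentlyContinue
    if (-not $item) { return $null }
    $files = @(Get-ChildItem -LiteralPath $Path -Force -Recurse -File -ErrorAction SilentlyContinue)
    [pscustomobject]@{
        Path        = $item.FullName
        Attributes  = $item.Attributes
        Created     = $item.CreationTime
        FileCount   = $files.Count
        # The article mentions "associated Python files" without saying where
        # they live; listing any .py files found here is an assumption.
        PythonFiles = @($files | Where-Object Extension -eq '.py' | ForEach-Object FullName)
    }
}

function Get-TaskReferencingPath {
    param([string]$Path)
    # Match on the folder name so quoted or differently cased paths still hit.
    $needle = [regex]::Escape((Split-Path -Leaf $Path))
    foreach ($task in Get-ScheduledTask) {
        foreach ($action in $task.Actions) {
            # COM-handler actions have no Execute/Arguments; those format as empty.
            $text = '{0} {1} {2}' -f $action.Execute, $action.Arguments, $action.WorkingDirectory
            if ($text -match $needle) {
                [pscustomobject]@{
                    TaskName = $task.TaskPath + $task.TaskName
                    State    = $task.State
                    Author   = $task.Author
                    Action   = $text.Trim()
                }
            }
        }
    }
}

$folder = Get-HiddenFolderFinding -Path $IocFolder
$tasks  = @(Get-TaskReferencingPath -Path $IocFolder)

if ($folder) { Write-Warning "Hidden folder present: $IocFolder"; $folder | Format-List }
else         { Write-Output  "Folder not found: $IocFolder" }

if ($tasks.Count) { Write-Warning "$($tasks.Count) scheduled task action(s) reference the folder"; $tasks | Format-Table -AutoSize -Wrap }
else              { Write-Output  'No scheduled task actions reference the folder' }
```

Run it from an elevated PowerShell session so that tasks registered under other accounts are visible; a clean result only means these two indicators are absent.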

Either way, it’s clear that you should definitely exercise more caution when it comes to installing the Play Store on your Windows 11 device.