- A third-party tool that installed the Play Store on Windows 11 PCs also brought a variety of other nasty additions.
- Windows Toolkit installed malicious Chrome extension and sketchy scripts.
- The extension redirected users to dubious affiliate and referral links.
Microsoft launched Windows 11 late last year, and the most notable addition was support for Android apps through the Amazon AppStore. Users can download apps with some effort, but there are also several unofficial ways to install the Google Play Store.
One such solution, dubbed Windows Toolbox, installs the Play Store, unlocks Windows 11, and offers several other features. However, beeping computer reported that Windows Toolbox was actually infecting users’ computers with malicious Chrome extensions, dubious scripts, and possibly other malware.
What does this tool actually do?
The outlet explained that the tool was actually a Trojan that ran hidden PowerShell scripts. These scripts created scheduled tasks in Windows 11 such as kill process and create other tasks. It also created a hidden c:systemfile folder and then copied the default Chrome, Edge, and Brave browser profiles to that folder.
A malicious Chromium extension was also created in this hidden folder, downloading the victim’s geographic information while redirecting the user to affiliate and referral links. More precisely, beeping computer reported that users visiting whatsapp.com would be redirected to URLs associated with “make money” scams, unwanted apps and games, and browser notification scams.
Have you installed the Play Store on your Windows 11 PC?
Users were advised to check for existence of these suspicious scheduled tasks and hidden system folder if they thought their PC was infected. You will then want to delete the scheduled tasks, associated Python files, and the folder in question.
Either way, it’s clear that you definitely need to be more careful when it comes to installing the Play Store on your Windows 11 device.