A tool was hiding a Trojan horse

A tool meant to install the Google Play Store on Windows 11, so that users could download Android apps not available in the Microsoft Store, turned out to be a Trojan. It installed various scripts and hidden files in order to collect user data and redirect users to malicious or modified websites from which the hackers earned revenue.

The tool, called Windows Toolbox, was published on GitHub and promised to add extra features to Windows 11. These included the ability to remove pre-installed apps from the operating system, activate Windows or Microsoft Office, and install the Google Play Store on the Android subsystem. It quickly became popular among users looking to install Android apps that, for one reason or another, are not available in the Microsoft Store.

The problem? The tool did much more than activate the Office suite or install the Google app store on Windows 11. It also spread malware throughout the operating system, as BleepingComputer revealed. To do this, Windows Toolbox ran hidden PowerShell scripts that executed commands to install extensions and download hidden files. One of the Trojan's tasks was to install a Chromium extension that ran the moment the browser was opened. This extension redirected the user to affiliate links that earned the hackers money. It also triggered notifications promoting scams and malware.

The Windows 11 malware tool did not collect passwords or sensitive data

The same outlet reports that this attack was carried out only against users in the United States who downloaded Windows Toolbox. The attackers also did not use the malware to steal users' private information or passwords, although they did collect users' geographic location.

Windows Toolbox is no longer available on its GitHub page. However, if you installed this tool on your computer, check whether the folder c:\systemfile exists on the system and delete the files at the following locations.

  • C:\Windows\security\pywinvera
  • C:\Windows\security\winver.png
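
The check described above can be done with a short read-only PowerShell script. This is an added example, not code from the article or from Windows Toolbox; the paths are the ones listed here and the function name Get-IndicatorStatus is hypothetical.

```powershell
# Added example: read-only check for the locations named in this article.
# Nothing is deleted; the output is meant to be reviewed (and saved) first.
# Run from an elevated prompt so access-denied errors do not hide an item.
$indicators = @(
    'C:\systemfile',
    'C:\Windows\security\pywinvera',
    'C:\Windows\security\winver.png'
)

function Get-IndicatorStatus {   # hypothetical helper name
    param([string[]]$Path)

    foreach ($p in $Path) {
        # -Force returns hidden and system items as well
        $item  = Get-Item -LiteralPath $p -Force -ErrorAction SilentlyContinue
        $isDir = $item -and $item.PSIsContainer
        $hash  = $null
        $count = $null

        if ($item -and -not $isDir) {
            # Hash the file so it can be looked up or reported before removal
            $hash = (Get-FileHash -LiteralPath $p -Algorithm SHA256 `
                        -ErrorAction SilentlyContinue).Hash
        }
        if ($isDir) {
            # Count everything below the folder, hidden items included
            $count = @(Get-ChildItem -LiteralPath $p -Force -Recurse `
                        -ErrorAction SilentlyContinue).Count
        }

        [pscustomobject]@{
            Path      = $p
            Present   = [bool]$item
            Type      = if (-not $item) { $null } elseif ($isDir) { 'Directory' } else { 'File' }
            LastWrite = if ($item) { $item.LastWriteTime } else { $null }
            Items     = $count
            SHA256    = $hash
        }
    }
}

$results = Get-IndicatorStatus -Path $indicators
$results | Format-Table -AutoSize

if ($results | Where-Object Present) {
    Write-Warning 'At least one location from the article exists on this system.'
}
```

The LastWrite column gives a rough idea of when the files were dropped, which helps decide how far back to review browser activity.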

To avoid this type of problem, it is preferable to use the official platforms that Microsoft makes available to users. Windows 11, remember, lets you install Android applications via the Microsoft Store, through the Amazon Appstore. Although the number of applications is smaller than in the Google Play Store, the process is easier and safer than downloading third-party tools.