Used Powershell Windows Toolbox to install the Google Play Store on Windows 11? You might have gotten malware

Arif Bacchus

Windows 11

If you had used the tool Powershell Windows Toolbox to install the Google Play Store on Windows 11 when the Windows Subsystem for Android was released, we have a huge warning for you. Spotted by the folks at Bleeping Computer, it turns out that the third-party tool might have actually injected malware into your system.

Once hosted on Github, and since removed, the app promised to debloat Windows as well as install the Google Play Store in a few clicks. However, it turns out that it was actually a virus, that executed hidden PowerShell scrips in the background of Windows 11 and install what’s known as a trojan clicker.

That Trojan clicker then pinged various Cloudflare servers and executed its own commands to pull infected files onto your device or redirect you to scam URLs. This was all thanks to the original instructions and script to launch the tool. It, in fact, did allow the app to do the things it intended, but also created hidden folders in Windows 11 and installed unwanted Chrome extensions.

Bleeping Computer has a great rundown of which folders in C:\systemfile you might want to delete if you were using this app. You also might want to try your luck at clean installing Windows, too, or restoring from a backup that pre-dates when you first installed the tool.

As we say every time, always be careful when you download tools that claim to change Windows. Keep your antivirus up to date, and never download programs that you don’t trust.