bleepingcomputer[.]com/news/security/windows-11-tool-to-add-google-play-secretly-installed-malware/
A popular Windows 11 ToolBox script used to add the Google Play Store to the Android Subsystem has secretly infected users with malicious scripts, Chrome extensions, and potentially other malware.When Windows 11 was released in October, Microsoft announced that it will allow users to run native Android apps directly from within Windows.
This feature was exciting for many users, but when the Android for Windows 11 preview was released in February, many were disappointed they could not use it with Google Play and were stuck with apps from the Amazon App Store.
While there were ways to use ADB to sideload Android apps, users began looking for methods that let them add the Google Play Store to Windows 11.
Around that time, someone released a new tool called Windows Toolbox on GitHub with a host of features, including the ability to debloat Windows 11, activate Microsoft Office and Windows, and install Google Play Store for the Android subsystem.
Once tech sites discovered the script, it was quickly promoted and installed by many.
However, unbeknownst to everyone until this week, the Windows Toolbox was actually a Trojan that executed a series of obfuscated, malicious PowerShell scripts to install a trojan clicker and possibly other malware on devices.