Powershell Windows Toolbox, a tool that claims to install Google Play on Windows 11, is malicious code
A tool called "Powershell Windows Toolbox" was posted to GitHub, and GitHub user LinuxUserGD noticed that its hidden lines of code were heavily obfuscated and contained malicious parts. Other users then continued to report problems related to this tool. Powershell Windows Toolbox has now been removed from GitHub.
Here's what the tool claims it can do:
First, the tool uses Cloudflare Workers to load a script. In the "How to use" section of the tool, the developer instructs the user to run the following command in the CLI:
The script that is loaded is itself obfuscated. After undoing the obfuscation, experts found that these lines of code download further malicious scripts from Cloudflare Workers and files from the GitHub repository of the user alexrybak0444. That repository has also been reported and removed.
The scripts then install an extension into Chromium-based browsers. This is believed to be the main malicious component of the campaign: the extension appears to use certain links or URLs to generate revenue through affiliate and referral programs, promoting certain software or scams through Facebook and WhatsApp messages.
If you installed Powershell Windows Toolbox, you need to remove the following components from your computer. Here is what the malware adds during the infection:
- Microsoft\Windows\AppID\VerifiedCert
- Microsoft\Windows\Application Experience\Maintenance
- Microsoft\Windows\Services\CertPathCheck
- Microsoft\Windows\Services\CertPathw
- Microsoft\Windows\Servicing\ComponentCleanup
- Microsoft\Windows\Servicing\ServiceCleanup
- Microsoft\Windows\Shell\ObjectTask
- Microsoft\Windows\Clip\ServiceCleanup
At the same time, you also need to delete the hidden folder "C:\systemfile" that the malicious code created during the intrusion. If you do a system restore, make sure you use a restore point that was not created while Powershell Windows Toolbox was installed, as restoring to such a point will not remove the malware.
However, before installing the Google Play Store, TipsMake.com notes that, according to Microsoft, running Android apps on Windows 11 requires a computer with a relatively high hardware configuration.
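As an added example (not from the article or from the tool's author), the script below audits a machine for the components listed above and removes them only when run with -Remove. It assumes the eight names are scheduled task paths under Task Scheduler's \Microsoft\Windows\ tree (the article only calls them "components") and that the hidden folder is C:\systemfile.

```powershell
# Added example: audit (and optionally remove) the Powershell Windows Toolbox
# persistence components named in the article. Run from an elevated PowerShell.
# Assumption: the listed names are scheduled task paths under \Microsoft\Windows\.
[CmdletBinding()]
param(
    [switch]$Remove   # without this switch the script only reports findings
)

$tasks = @(
    @{ Path = '\Microsoft\Windows\AppID\';                  Name = 'VerifiedCert' },
    @{ Path = '\Microsoft\Windows\Application Experience\'; Name = 'Maintenance' },
    @{ Path = '\Microsoft\Windows\Services\';               Name = 'CertPathCheck' },
    @{ Path = '\Microsoft\Windows\Services\';               Name = 'CertPathw' },
    @{ Path = '\Microsoft\Windows\Servicing\';              Name = 'ComponentCleanup' },
    @{ Path = '\Microsoft\Windows\Servicing\';              Name = 'ServiceCleanup' },
    @{ Path = '\Microsoft\Windows\Shell\';                  Name = 'ObjectTask' },
    @{ Path = '\Microsoft\Windows\Clip\';                   Name = 'ServiceCleanup' }
)
$hiddenFolder = 'C:\systemfile'
$found = 0

foreach ($t in $tasks) {
    $task = Get-ScheduledTask -TaskPath $t.Path -TaskName $t.Name -ErrorAction SilentlyContinue
    if ($null -eq $task) { continue }
    $found++
    # Print what the task actually executes so the finding can be confirmed before removal;
    # the task folders mimic legitimate Windows ones, so verify the action, not just the name.
    $actions = ($task.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)" }) -join '; '
    Write-Host "[FOUND] $($t.Path)$($t.Name) -> $actions"
    if ($Remove) {
        Unregister-ScheduledTask -TaskPath $t.Path -TaskName $t.Name -Confirm:$false
        Write-Host "[REMOVED] $($t.Path)$($t.Name)"
    }
}

# Hidden folder check: Test-Path sees hidden items, but Get-Item needs -Force to return them
if (Test-Path -LiteralPath $hiddenFolder) {
    $found++
    $attrs = (Get-Item -LiteralPath $hiddenFolder -Force).Attributes
    Write-Host "[FOUND] $hiddenFolder (attributes: $attrs)"
    if ($Remove) {
        Remove-Item -LiteralPath $hiddenFolder -Recurse -Force
        Write-Host "[REMOVED] $hiddenFolder"
    }
}

if ($found -eq 0) { Write-Host 'No Powershell Windows Toolbox components found.' }
else { Write-Host "$found component(s) found$(if (-not $Remove) { '; rerun with -Remove to delete them' })." }
```

Save it as a .ps1 file and run it once without switches to see what is present; the printed task action is what distinguishes a planted task from a legitimately named Windows one.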