This fake Google Play Store script could spell havoc for Windows 11 users

An elaborate scheme to distribute a simple trojan

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

A popular method of addingGoogle’sPlay Storeto theWindows 11Android subsystem was actually an elaborate ruse to have people download a low-quality, almost amateurish,malware.

WhenMicrosoftfirst releasedWindows 11, it promised the OS would allow users to run Android apps, natively. However, users couldn’t do it directly from the Play Store and were rather pointed toward the Amazon App Store.

Soon enough, someone published a new tool to GitHub called Windows Toolbox. It provided many benefits, from debloating theoperating systemto activating both the OS and Office, to - installing the Play Store for the Android subsystem.

Share your thoughts on Cybersecurity and get a free copy of the Hacker’s Manual 2022. Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at theend of this surveyto get the bookazine, worth $10.99/£10.99.

An elaborate trojan

The tool worked so well that it quickly blew up within the community, raking in downloads.

However, it seems that the tool worked a little too well.

As reported byBleeping Computer, Windows Toolbox is actually a trojan that executes a “series of obfuscated, malicious PowerShell scripts” that install trojan clickers and maybe even other malware.

The script uploads information regarding the victimendpoint’s geographic location to the developer, but other than that, its malicious behavior is relatively underwhelming, the publication claims.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

All it does is generate revenue, by redirecting users to affiliate and referral URLs.

This nasty new trojan lifts login details from Chrome, Edge and Outlook>This nasty trojan uses Discord as a command and control server>This unreported trojan managed to steal 1.2 TB of personal data

As if the developer never expected the tool to become so popular and didn’t bother building a more elaborate money-making scheme.

When users visitwhatsapp.com, for example, the script will redirect them to a random URL that promotes different scams, such ashttps://tei.ai/hacky-file-explorer,https://tei.ai/pubg-for-low-spec-pc, orhttps://tei.ai/get-free-buck.

“The impact of the payload delivered by hits convoluted mess of scripts is so minor that it almost feels like something is missing,” the publication concludes.

Apart from the scripts, the tool indeed works as intended. It appears that it only targets victims living in the United States.

Via:BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

This new phishing strategy utilizes GitHub comments to distribute malware

Should your VPN always be on?

NYT Strands today — hints, answers and spangram for Sunday, November 10 (game #252)