Windows 11 has been given the ability to run native Android apps from the Amazon AppStore, but there are solutions for those who want direct access to apps from the Google Play Store. However, it seems that those who chose a certain software solution for this ended up with malware on their computers. If you use Windows Toolbox to access the Play Store on Windows 11, or for other operating system changes, your data may be compromised.
Windows Toolbox, an application for modifying Windows 10 and 11, includes malware
According to Bleeping Computer, the Windows Toolbox application, also available on GitHub, is actually a Trojan. It does what it promises: it enables Office or Windows without a valid key, removes certain services and applications from Windows for “debloating”, and provides access to the Google Play Store. But it also installs some hidden things.
Windows Toolbox can download applications and files in the background without the user’s knowledge through PowerShell commands. Everything is handled automatically by a “worker” hosted on Cloudflare. Once installed, the malware could run in the background and automatically redirect users to various sites that displayed ads or to affiliate links on various online stores. Also, data from the Chrome, Edge, and Brave browsers, with all the information attached to the default user account, is copied into a folder called “systemfile” on the main drive.
To check if you are affected by this malware after using Windows Toolbox, show hidden folders in Windows and check whether there is a folder called “systemfile” on the C: drive. If it exists, there may be folders that contain other malware components, such as the “pywinvera” and “pwinveraa” folders in C:\Windows\security, as well as the winver.png file, located in the same place. It is advisable to completely delete these files and folders.
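The check described above can be scripted so that hidden items are not missed. This is an added example, not code from the article or from Bleeping Computer; the paths are the ones the article names, while the function name and output fields are illustrative, and the script only reads and deletes nothing.

```powershell
# Added example: read-only check for the artifacts named in the article.
# Test-ToolboxArtifacts and its output fields are hypothetical names.
function Test-ToolboxArtifacts {
    param(
        [string]$SystemDrive = $env:SystemDrive   # normally "C:"
    )

    $securityDir = Join-Path "$SystemDrive\" 'Windows\security'
    $candidates = @(
        (Join-Path "$SystemDrive\" 'systemfile'),
        (Join-Path $securityDir 'pywinvera'),
        (Join-Path $securityDir 'pwinveraa'),
        (Join-Path $securityDir 'winver.png')
    )

    foreach ($path in $candidates) {
        # -Force is needed so hidden and system items are returned
        $item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
        if (-not $item) {
            [pscustomobject]@{ Path = $path; Found = $false; Hidden = $null
                               Created = $null; Children = $null }
            continue
        }
        $children = $null
        if ($item.PSIsContainer) {
            # Count contents (including hidden ones) to judge how much was collected
            $children = @(Get-ChildItem -LiteralPath $path -Force -Recurse `
                              -ErrorAction SilentlyContinue).Count
        }
        [pscustomobject]@{
            Path     = $item.FullName
            Found    = $true
            Hidden   = $item.Attributes.HasFlag([IO.FileAttributes]::Hidden)
            Created  = $item.CreationTime   # helps date the installation
            Children = $children
        }
    }
}

$results = Test-ToolboxArtifacts
$results | Format-Table -AutoSize
if ($results | Where-Object Found) {
    Write-Warning 'One or more artifacts described in the article are present.'
} else {
    Write-Output 'None of the artifacts described in the article were found.'
}
```

The `Created` timestamps can be compared against the date Windows Toolbox was run to confirm the items belong to it before deleting them.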
source: Bleeping Computer