If you’ve downloaded Windows Toolbox from GitHub, bad news: Turns out, it’s a Trojan that’s been quietly messing with your PC. Given the plethora of positive utilities the Toolbox serves, it may come as a shock that it’s actually a vehicle for malware that’ll redirect your URLs, hit you with unsavory Chrome extensions, and more.
The reason the Toolbox got popular was thanks to its advertised features: It shaves down the bloat of Windows 11 and 10 by getting rid of certain preinstalled apps, disabling Cortana and OneDrive, and much more. Furthermore, it sells itself as a solution for a one-click installation of the Google Play Store on Windows 11.
The kicker: Toolbox actually delivers, for the most part. The issue is that it also features PowerShell code that’ll set the stage for malicious scripts to run on your device (via BleepingComputer). You can see the tool’s GitHub listing here.
This is the seemingly innocuous code hidden away in Toolbox.Source: BleepingComputer
From there, Chromium extensions will be added without your consent, activating revenue harvesting schemes by redirecting you to unwanted promotions as well as referral and affiliate scam URLs. If you believe you’ve been infected, BleepingComputer has a breakdown of steps to remedy the issue, which you can see by clicking the hyperlink up above.
This isn’t the only sneaky, stealth-minded Windows threat to crop up in recent memory. Tarrask malware did a noteworthy-enough job of covering its tracks to get Microsoft’s attention.