Common ProblemPowershell Windows Toolbox that helps install Google Play on Windows 11 is malware
Among other things, a third-party tool used to install the Google Play Store was found to be malicious. In fact, one of Neowin's readers, Eli, seems to have fallen victim to the tool as they appeared to have used it to install the Play Store.
The tool, called "Powershell Windows Toolbox," is hosted on GitHub, and user LinuxUserGD noticed that the underlying code was mysterious and contained malicious code. Later, user SuchByte raised the issue for the tool. The Powershell Windows toolbox has been removed from GitHub.
Here’s everything the tool claims to do:
First, the software uses a Cloudflare worker to load the script. In the "How to use" section of the tool, the developers have instructed users to run the following command in the CLI:
While the loaded script does the above, it was also found here Obfuscated code. Deobfuscation of this revealed that these were PowerShell code that loaded malicious scripts from Cloudflare workers and files from the GitHub repository of user alexrybak0444, a possible threat actor or one of them. These were also reported and removed (archived version here).
After this, the script ultimately creates a Chromium extension, which is believed to be the main malicious component of this malware campaign. The payload of the malware appears to be certain links or URLs used to generate revenue through affiliates and referrals by promoting certain software or some money-making scheme distributed through Facebook and WhatsApp messages.
If you happen to have the Powershell Windows Toolbox installed on your system, you can remove the following components created by the tool during an infection:
- Microsoft\Windows\AppID\ VerifiedCert
- Microsoft\Windows\Application Experience\Maintenance
- Microsoft\Windows\Services\CertPathCheck
- Microsoft\Windows\Services\CertPathw
- Microsoft\ Windows\Serviceing\ComponentCleanup
- Microsoft\Windows\Service\Service Cleanup
- Microsoft\Windows\Shell\ObjectTask
- Microsoft\Windows\Clip\ServiceCleanup
Also delete the "C:\systemfile" hidden folder created by the malicious script during the infection. If you are performing a system restore, make sure to use a restore point that is not done by the Powershell Windows Toolbox itself, as it will not remove malware from the system.
The above is the detailed content of Powershell Windows Toolbox that helps install Google Play on Windows 11 is malware. For more information, please follow other related articles on the PHP Chinese website!
telegram是什么软件Jul 07, 2022 pm 05:05 PMTelegram是一款跨平台的即时通讯软件,用户可以相互交换加密与自毁消息,发送照片、影片等所有类型文件;Telegram有加密聊天的功能,使用这种功能,聊天双方的内容完全保密,不会担心被监控或被第三方偷窥。官方提供Android、iOS、Windows、macOS、Linux和网页版等多种平台客户端;同时官方开放应用程序接口,有许多第三方的客户端可供选择 。
armoury crate是什么软件Jul 18, 2022 pm 03:52 PMarmoury crate是一款简易实用,功能全面的华硕系统控制软件;通过Armoury Crate平台,可以启动主页面上的系统性能模式调整、设置相关应用软件、获取系统信息,当机器连接支持的外设时,也可以使用Armoury Crate中所整合的Lighting、AURA Sync功能进行各种灯光特效的设定。
xrkit是什么软件Jul 18, 2022 pm 03:13 PMXRKit是为华为手机场景提供场景化、组件化的AR解决方案的框架软件,也就为华为相机,提供了虚拟模型在真实世界中的呈现。XRKit软件支持AR SDK,能与Unity3D引擎兼容,包括PTC Vuforia,ARKit,ARCore等。为AR呈现能力、人脸特效、光影特效;它属于华为XR生态的基础性软件。
推特是什么软件Jul 13, 2022 am 11:07 AM推特(Twitter)是一个社交网络及微博客服务软件,是一家美国的公司;Twitter利用无线网络、有线网络、通信技术进行即时通讯,是微博客的典型应用,允许用户将自己的最新动态和想法以短信息的形式发送给手机和个性化网站群。
glance by mirametrix是什么软件Jul 28, 2022 am 10:59 AMglance by mirametrix是一款眼球追踪软件;glance是由Mirametrix开发的应用程序,软件配合红外摄像头可识别用户脸和眼睛的方向,其中主要包括了状态检测、智能指针和窗口分屏三个功能。
ldplayer是什么软件Aug 02, 2022 pm 02:59 PMldplayer是一款多功能Android操作系统的模拟器,通过它可以直接在PC上运行Android智能手机游戏,是将家用PC或笔记本电脑转变为运行移动软件的游戏机的方法;ldplayer可以用来进行联网,用户可以和其他人一起开启联机对战。
rav endpoint protection是什么软件Aug 11, 2022 pm 04:06 PMrav endpoint protection是瑞星杀毒软件;RAV是“RisingAnti-virus”的缩写,是瑞星反病毒软件的意思,瑞星杀毒软件采用获得欧盟及中国专利的六项核心技术,形成全新软件内核代码,具有八大绝技和多种应用特性。
commercial service是什么软件Aug 11, 2022 pm 04:17 PMcommercial service指的是商业服务软件;该软件主要为提供产品维修、系统升级、检测换机以及产品咨询等服务,服务的产品包括手机、电视、手表、耳机以及其他配件。
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
SublimeText3 English version
Recommended: Win version, supports code prompts!
Safe Exam Browser
Safe Exam Browser is a secure browser environment for taking online exams securely. This software turns any computer into a secure workstation. It controls access to any utility and prevents students from using unauthorized resources.
Zend Studio 13.0.1
Powerful PHP integrated development environment
DVWA
Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is very vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, to help web developers better understand the process of securing web applications, and to help teachers/students teach/learn in a classroom environment Web application security. The goal of DVWA is to practice some of the most common web vulnerabilities through a simple and straightforward interface, with varying degrees of difficulty. Please note that this software
mPDF
mPDF is a PHP library that can generate PDF files from UTF-8 encoded HTML. The original author, Ian Back, wrote mPDF to output PDF files "on the fly" from his website and handle different languages. It is slower than original scripts like HTML2FPDF and produces larger files when using Unicode fonts, but supports CSS styles etc. and has a lot of enhancements. Supports almost all languages, including RTL (Arabic and Hebrew) and CJK (Chinese, Japanese and Korean). Supports nested block-level elements (such as P, DIV),
