1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • This fake Google Play Store script could spell havoc for Windows

    From TechnologyDaily@1337:1/100 to All on Fri Apr 15 14:15:03 2022
    This fake Google Play Store script could spell havoc for Windows 11 users

    Date:
    Fri, 15 Apr 2022 13:03:20 +0000

    Description:
    A highly popular Windows 11 tool turns out to be a trojan.

    FULL STORY ======================================================================

    A popular method of adding Googles Play Store to the Windows 11 Android subsystem was actually an elaborate ruse to have people download a low-quality, almost amateurish, malware .

    When Microsoft first released Windows 11 , it promised the OS would allow users to run Android apps, natively. However, users couldnt do it directly from the Play Store and were rather pointed toward the Amazon App Store.

    Soon enough, someone published a new tool to GitHub called Windows Toolbox.
    It provided many benefits, from debloating the operating system to activating both the OS and Office, to - installing the Play Store for the Android subsystem.

    Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022 . Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at the end of this survey to get the bookazine, worth $10.99/10.99. An elaborate trojan

    The tool worked so well that it quickly blew up within the community, raking in downloads.

    However, it seems that the tool worked a little too well.

    As reported by Bleeping Computer , Windows Toolbox is actually a trojan that executes a series of obfuscated, malicious PowerShell scripts that install trojan clickers and maybe even other malware.

    The script uploads information regarding the victim endpoint 's geographic location to the developer, but other than that, its malicious behavior is relatively underwhelming, the publication claims.

    All it does is generate revenue, by redirecting users to affiliate and referral URLs. Read more

    This nasty new trojan lifts login details from Chrome, Edge and Outlook


    This nasty trojan uses Discord as a command and control server


    This unreported trojan managed to steal 1.2 TB of personal data

    As if the developer never expected the tool to become so popular and didnt bother building a more elaborate money-making scheme.

    When users visit whatsapp.com, for example, the script will redirect them to
    a random URL that promotes different scams, such as https://tei.ai/hacky-file-explorer , https://tei.ai/pubg-for-low-spec-pc , or https://tei.ai/get-free-buck .

    The impact of the payload delivered by hits convoluted mess of scripts is so minor that it almost feels like something is missing, the publication concludes.

    Apart from the scripts, the tool indeed works as intended. It appears that it only targets victims living in the United States. Protect against malware
    with the best firewalls around

    Via: BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/news/this-fake-google-play-store-script-could-spell- havoc-for-windows-11-users/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)