7zip.com Is Serving Malware
8 hours ago
- #proxyware
- #cybersecurity
- #malware
- A fake 7-Zip website (7zip[.]com) has been distributing trojanized installers that turn victims' machines into residential proxy nodes.
- The malware installs alongside a functional 7-Zip File Manager, making it harder to detect, and includes components like Uphero.exe, hero.exe, and hero.dll.
- The malware establishes persistence via Windows services, manipulates firewall rules, and profiles the host system before enrolling it as a proxy node.
- The campaign exploits trust in third-party distribution channels, such as YouTube tutorials, to spread malicious installers.
- The malware uses encrypted communication, DNS-over-HTTPS, and anti-analysis techniques to evade detection.
- Researchers have linked this campaign to a broader operation distributing similar proxyware under different software names.
- Defensive measures include verifying software sources, monitoring for unauthorized services, and blocking known command-and-control domains.
- Malwarebytes and other security tools can detect and remove the malware, though a full OS reinstall may be preferred for high-risk systems.
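The defensive bullets above mention monitoring for unauthorized services and the component names the trojanized installer drops. As an added example (not code from the article or from any vendor it cites), the following PowerShell hunt checks a single Windows host for those names in three places the summary points at: service definitions, firewall rules, and the usual install directories. It assumes an elevated PowerShell 5.1 or later session with the NetSecurity module available (Windows 8 / Server 2012 and newer); the indicator list is taken from the summary and any hit is a lead to triage, not proof of infection by itself.

```powershell
# Added example, not part of the original article: hunt for the component
# names the summary attributes to the fake 7-Zip installer (Uphero.exe,
# hero.exe, hero.dll) in services, firewall rules and common install roots.
# Assumes an elevated session and the NetSecurity module for Get-NetFirewallRule.

$indicators = @('Uphero.exe', 'hero.exe', 'hero.dll')
$pattern = ($indicators | ForEach-Object { [regex]::Escape($_) }) -join '|'

# 1. Services: the summary says the proxyware persists via Windows services,
#    so compare each service's binary path against the indicator names.
$services = Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.PathName -and $_.PathName -match $pattern } |
    Select-Object Name, DisplayName, State, StartMode, PathName

# 2. Firewall rules: the summary says the malware manipulates firewall rules,
#    so list rules whose application filter points at one of the binaries.
$fwRules = Get-NetFirewallRule -ErrorAction SilentlyContinue | ForEach-Object {
    $appFilter = $_ | Get-NetFirewallApplicationFilter
    if ($appFilter.Program -and $appFilter.Program -match $pattern) {
        [pscustomobject]@{
            Name      = $_.Name
            Direction = $_.Direction
            Action    = $_.Action
            Enabled   = $_.Enabled
            Program   = $appFilter.Program
        }
    }
}

# 3. Files on disk: the package installs beside a working 7-Zip File Manager,
#    so search the common per-machine and per-user install roots by name.
$roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:LOCALAPPDATA, $env:APPDATA, $env:ProgramData)
$files = foreach ($root in $roots) {
    if ($root -and (Test-Path $root)) {
        Get-ChildItem -Path $root -Recurse -Include $indicators -File -ErrorAction SilentlyContinue |
            Select-Object FullName, Length, LastWriteTime
    }
}

"== Services referencing indicators =="
$services | Format-Table -AutoSize
"== Firewall rules referencing indicators =="
$fwRules | Format-Table -AutoSize
"== Files matching indicator names =="
$files | Format-Table -AutoSize

if (-not ($services -or $fwRules -or $files)) {
    "No indicator names found in services, firewall rules, or the searched directories."
}
```

The recursive file search over ProgramData and the profile directories can take a few minutes on a large disk; the service and firewall checks return almost immediately and are the ones worth scheduling across a fleet. Matching on file names alone will miss renamed copies, so treat an empty result as "these specific names are absent", and pair it with a review of recently created services whose binaries live outside Program Files.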