As reported by Bleeping Computer, a malicious campaign is actively distributing a trojanized installer for the popular 7-Zip archiving tool through a fake website designed to trick users into downloading malware. This fake installer transforms infected computers into residential proxy nodes, routing third-party traffic through the victim's IP address.

The fraudulent website, impersonating the legitimate 7-Zip project at 7zip[.]com, mimics the original site's structure and text. Researchers at Malwarebytes discovered that the installer, digitally signed with a revoked certificate, contains the actual 7-Zip program alongside three malicious files: Uphero.exe, hero.exe, and hero.dll. These components establish a Windows service, modify firewall rules to allow network connections, and profile the system's hardware and network characteristics. The primary function of the malware is proxyware, enrolling the infected host into a residential proxy network. The campaign also utilizes trojanized installers for other popular software like HolaVPN, TikTok, and WhatsApp.

This incident highlights the persistent threat of domain impersonation and the exploitation of user trust, particularly when users follow links from unverified sources like YouTube tutorials. The use of residential proxy networks by threat actors for activities such as credential stuffing and phishing underscores the need for enhanced user awareness regarding software downloads. Users should prioritize obtaining software directly from official websites and exercise caution with search engine results and video recommendations to avoid becoming unwitting participants in malicious networks.

Source: Bleeping Computer
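The behaviour pair described above (a new Windows service whose binary then receives a firewall allow rule) is something a defender can hunt for in host telemetry. The following is an added detection example written for this summary, not code from Bleeping Computer or Malwarebytes; the event lines are constructed in a simplified `EventID|field=value;...` layout rather than real Windows event XML, and the event IDs used (7045 for service installation in the System log, 2004 for a firewall rule being added) are the standard Windows ones.

```python
# Artefact file names taken from the report on the trojanized 7-Zip installer.
SUSPECT_BINARIES = {"uphero.exe", "hero.exe", "hero.dll"}

# Directories where a legitimately installed service binary is expected to live (assumption).
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files")

# Constructed sample telemetry, not real logs. Simplified layout: EventID|key=value;key=value
SAMPLE_EVENTS = [
    "7045|Time=10:00:01;ServiceName=7zip Update;ImagePath=C:\\ProgramData\\7zip\\hero.exe",
    "2004|Time=10:00:03;RuleName=hero;ApplicationPath=C:\\ProgramData\\7zip\\hero.exe;Action=Allow",
    "7045|Time=11:30:00;ServiceName=Print Spooler;ImagePath=C:\\Windows\\System32\\spoolsv.exe",
    "2004|Time=11:30:05;RuleName=Print;ApplicationPath=C:\\Windows\\System32\\spoolsv.exe;Action=Allow",
]

def parse_event(line):
    """Split one constructed event line into a dict of its fields plus EventID."""
    event_id, _, rest = line.partition("|")
    fields = dict(kv.split("=", 1) for kv in rest.split(";"))
    fields["EventID"] = event_id
    return fields

def basename(path):
    """Lower-cased file name component of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def find_proxyware_indicators(lines):
    """Return (alert_type, service_name, binary) tuples for two conditions:
    known-artifact-service: a service binary matches a file name from the report;
    service-with-firewall-allow: a service installed outside trusted directories
    whose binary also received a firewall allow rule (the reported behaviour pair)."""
    services = {}       # binary basename -> service install event
    fw_allows = set()   # binary basenames granted an inbound/outbound allow rule
    alerts = []
    for line in lines:
        ev = parse_event(line)
        if ev["EventID"] == "7045":
            name = basename(ev["ImagePath"])
            services[name] = ev
            if name in SUSPECT_BINARIES:
                alerts.append(("known-artifact-service", ev["ServiceName"], name))
        elif ev["EventID"] == "2004" and ev.get("Action") == "Allow":
            fw_allows.add(basename(ev["ApplicationPath"]))
    for name in sorted(fw_allows & services.keys()):
        ev = services[name]
        if not ev["ImagePath"].lower().startswith(TRUSTED_PREFIXES):
            alerts.append(("service-with-firewall-allow", ev["ServiceName"], name))
    return alerts
```

On the constructed sample the 7-Zip-themed service is flagged twice (by artefact name and by the service-plus-firewall heuristic) while the spooler service in System32 is not.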




