Overview

A fake version of the popular file-compression tool 7-Zip has been circulating online through a look-alike website. The site appears almost identical to the real 7-Zip page, but the installer it provides contains hidden malware. Instead of just installing the normal program, it secretly installs software that turns the victim’s computer into a “residential proxy”. This means attackers can route internet traffic through the infected device, using the victim’s home internet connection for activities like phishing, fraud and other harmful behaviour.

The scam is especially dangerous because the installer still includes the legitimate 7-Zip program, so the user doesn’t suspect anything is wrong. The malicious software runs quietly in the background, keeps itself active even after rebooting, and makes changes to the system to ensure it stays connected. It also communicates with outside servers to receive instructions and to report information about the infected computer. The goal is not to steal your files directly, but to secretly use your device and internet connection for criminal purposes.

This campaign has been spreading beyond 7-Zip. Similar fake installers have been found pretending to be other popular apps like VPN services and messaging tools. The attackers rely on common user behaviour, like following a YouTube tutorial or clicking a search result, to direct victims to the fake download site. Because the fake site looks so convincing, many people can be misled without realising it.


Recommended Remediations

ctrl:cyber strongly recommends the following security controls and habits to stay secure:

  • Implement an application control solution.
    Application control lets your organisation strictly control which applications can be installed on users' devices. This reduces the risk of potentially unwanted software being unwittingly installed by end users.
  • Restrict Local Administrator access for end user devices.
    Remove local administrator rights from end users and implement least-privilege access controls, so software installations and system-level changes require IT approval. This significantly reduces the risk of malware gaining persistence or modifying critical system settings.
  • Always use the official website.
    Bookmark the official download page for tools you use often. Don’t rely on search results every time.
  • Double-check the web address.
    Fake sites often use very similar names. A missing hyphen or a different ending can be a scam.
  • Be careful with links in tutorials.
    YouTube videos and online guides may include wrong or unsafe links. Always verify the link before downloading anything.
  • Avoid downloading from unfamiliar sites.
    If you don’t recognise the site, don’t download from it. Look for the official site or trusted sources instead.
  • If something feels off, stop and check.
    If the installer looks unusual or asks for extra permissions, pause. Check the official site again or search for the correct download.
  • Keep your security software updated.
    Antivirus programs can detect and remove known threats. Run a scan if you suspect something is wrong.
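The "always use the official website" and "double-check the web address" habits above can be turned into a mechanical check. The script below is an added example, not code from the ctrl:cyber advisory: given a download URL it reports whether the host is the bookmarked official domain, a look-alike of it (hyphen dropped, different ending, confusable characters such as 1 for i, or the real name used as a prefix of some other domain), or simply unknown. It assumes 7-zip.org is the official domain to trust (the real 7-Zip project site, which the advisory does not name); the fake hostnames in the demo are constructed placeholders under the reserved .example TLD and are not the site the advisory describes.

```python
"""Look-alike download-URL check (added example, not from the ctrl:cyber advisory)."""
from urllib.parse import urlsplit

# Domains the reader has verified once and bookmarked. 7-zip.org is the real
# 7-Zip site (an assumption of this example, not stated in the advisory);
# add the official domains of the other tools you use.
OFFICIAL_DOMAINS = {"7-zip.org"}

# Characters that look-alike registrations commonly swap for one another.
_CONFUSABLES = str.maketrans({"0": "o", "1": "l", "i": "l", "|": "l", "5": "s", "3": "e"})


def skeleton(name: str) -> str:
    """Collapse a domain name to the shape a look-alike imitates:
    lower-case, no hyphens or dots, confusable characters folded together."""
    return name.lower().replace("-", "").replace(".", "").translate(_CONFUSABLES)


def _without_suffix(host: str) -> str:
    """Everything before the last label ('www.7-zip.org' -> 'www.7-zip').
    Rough approximation: multi-label public suffixes such as co.uk are not
    handled, which only makes the check stricter."""
    labels = host.split(".")
    return ".".join(labels[:-1]) if len(labels) > 1 else host


def classify(url: str, official_domains=OFFICIAL_DOMAINS) -> str:
    """Return 'official', 'look-alike' or 'unknown' for a download URL."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").rstrip(".").lower()
    if not host:
        return "unknown"  # no hostname at all (malformed or non-URL input)

    # Exact match or a subdomain of an official domain.
    for official in official_domains:
        official = official.lower()
        if host == official or host.endswith("." + official):
            return "official"

    # Anything else whose shape contains an official name is a look-alike:
    # '7zip.example', '7-zip.net', '7z1p.org', '7-zip.org.example', 'evil7-zip.org'.
    host_skel = skeleton(_without_suffix(host))
    for official in official_domains:
        if skeleton(_without_suffix(official)) in host_skel:
            return "look-alike"

    return "unknown"


if __name__ == "__main__":
    # Constructed sample URLs; the .example ones are placeholders, not real sites.
    for sample in (
        "https://www.7-zip.org/download.html",
        "https://7zip.example/download.html",   # hyphen dropped
        "https://7-zip.net/",                    # different ending
        "https://7z1p.org/",                     # 1 instead of i
        "https://7-zip.org.example/",            # real name as a prefix
        "https://example.org/",
    ):
        print(f"{classify(sample):10s} {sample}")
```

A result of "look-alike" is the signal to stop and open the bookmarked page instead; "unknown" means the host has no relation to an allowlisted tool and deserves the same caution as any unfamiliar site. The check is deliberately biased towards false alarms (an unrelated name that happens to contain the skeleton is flagged), which is the right trade-off for a pre-download sanity check.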