Security researchers have uncovered a new cyber incident that demonstrates how dangerous even familiar utilities can be when downloaded from unofficial sources. Malwarebytes experts identified a trojanized version of the popular 7-Zip archiver that was distributed through a fake website with an address closely resembling the legitimate 7-zip.org domain. Instead of installing the standard free archiving software, users received a hidden malicious component that turned their devices into proxy nodes for traffic theft and covert attacker activity.
The malware not only installed the archiver itself but also downloaded additional components that transformed the user's computer into part of a third-party network infrastructure. This scheme allows attackers to redirect internet traffic through the IP addresses of infected machines, giving malicious actors the ability to conceal their tracks and leverage victim resources to bypass blocks, send spam, or conduct attacks.
The attack came to light after a Reddit user reported infecting their device by following a link from a YouTube video comment. Experts emphasize that even a small error in a domain name—such as an extra letter or different ending—can lead to downloading malicious files and system compromise. One key recommendation from specialists is to always download programs only from official manufacturer websites or verified mirrors, while also carefully checking digital certificates of installers.
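The lookalike-domain risk described above can be checked mechanically before a download link is followed. The following is an added example, not code from Malwarebytes or the 7-Zip project: it flags hosts that differ from the official domain by a small edit or by their ending. The sample links are constructed, and the two-label registrable-domain rule is a simplifying assumption.

```python
from urllib.parse import urlsplit

# Legitimate domain named in the article; extend with verified mirrors as needed.
OFFICIAL = {"7-zip.org"}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance using two rolling rows."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]

def registrable(host: str) -> str:
    # Assumption: the last two labels are the registrable domain.
    # Multi-part suffixes such as co.uk need a public suffix list.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def classify(url: str, max_distance: int = 1) -> str:
    """Return 'official', a 'lookalike: ...' reason, or 'unrelated'."""
    host = urlsplit(url if "://" in url else "//" + url).hostname or ""
    domain = registrable(host)
    if domain in OFFICIAL:
        return "official"
    name = domain.partition(".")[0]
    for good in OFFICIAL:
        distance = edit_distance(name, good.partition(".")[0])
        if distance == 0:
            return "lookalike: different ending"   # same name, other TLD
        if distance <= max_distance:
            return "lookalike: altered name"       # e.g. one extra letter
    return "unrelated"

if __name__ == "__main__":
    # Constructed sample links, not indicators from the incident.
    for link in ("https://www.7-zip.org/download.html",
                 "https://7-zipp.org/",
                 "http://7-zip.example/setup.exe",
                 "https://example.org/"):
        print(f"{link:40} {classify(link)}")
```

A check like this fits in a proxy or mail-gateway rule that holds lookalike links for review; it complements, and does not replace, verifying the installer's digital signature.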
This incident serves as a reminder of how crucial basic cyber hygiene is: mistyping a URL, clicking on links from comments, and failing to verify installer authenticity can result in computers becoming tools in attackers' hands, with owners remaining unaware for extended periods.