85/69 Thursday, February 12, 2026

Cybersecurity experts have identified an attack campaign involving a fraudulent website impersonating the popular file archiver 7-Zip. The attackers are using the domain 7zip[.]com (the legitimate site is 7-zip[.]org) and have designed the webpage to closely resemble the official version, making it difficult for users to distinguish between the two. If victims download and install the fake software, the malware silently deploys an add-on known as proxyware, transforming the victim’s computer into a node within a residential proxy network without their knowledge. Hackers can then exploit this access to conduct illegal activities such as password spraying, phishing campaigns, or distributing additional malware while concealing their true identity and location.
Analysis revealed that the malware installer uses a revoked digital certificate to appear trustworthy and allow Windows systems to accept the installation. Once installed, the malware embeds malicious files in the directory C:\Windows\SysWOW64\hero\, creates a service running with SYSTEM-level privileges, and modifies firewall settings using netsh commands to enable both inbound and outbound communications. Further intelligence suggests that this operation is part of a broader campaign extending beyond 7-Zip, with attackers also impersonating installers for other widely used software, including HolaVPN, TikTok, WhatsApp, and Wire VPN. The malware is also capable of detecting whether it is being analyzed in a virtual machine, helping it evade security researchers.
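A host check for the artifacts described above, written as an added example and not taken from the original advisory: it looks for files in C:\Windows\SysWOW64\hero\, services whose binary runs from that directory, and firewall rules that reference a program there. The advisory does not give the service or file names, so the script matches on the directory path only (an assumption of this example).

```powershell
# Added example: look for the host artifacts this advisory describes.
# Run in an elevated PowerShell session on the host being checked.
$iocDir = Join-Path $env:SystemRoot 'SysWOW64\hero'   # directory named in the advisory

function Test-UnderIocDir([string]$Path) {
    # True when a service or firewall program path points into the directory.
    if ([string]::IsNullOrWhiteSpace($Path)) { return $false }
    $expanded = [Environment]::ExpandEnvironmentVariables($Path)
    return $expanded.IndexOf("$iocDir\", [StringComparison]::OrdinalIgnoreCase) -ge 0
}

$findings = @()

# 1. Files in the directory, with their Authenticode status and signer.
if (Test-Path -LiteralPath $iocDir) {
    $findings += @(Get-ChildItem -LiteralPath $iocDir -Recurse -File -Force | ForEach-Object {
        $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
        [pscustomobject]@{ Type = 'File'; Name = $_.FullName
            Detail = "signature=$($sig.Status); signer=$($sig.SignerCertificate.Subject)" }
    })
}

# 2. Services whose binary lives there (the advisory reports one running as SYSTEM).
$findings += @(Get-CimInstance -ClassName Win32_Service |
    Where-Object { Test-UnderIocDir $_.PathName } | ForEach-Object {
        [pscustomobject]@{ Type = 'Service'; Name = $_.Name
            Detail = "account=$($_.StartName); state=$($_.State); path=$($_.PathName)" }
    })

# 3. Firewall rules that reference a program from that directory (set via netsh per the advisory).
$findings += @(Get-NetFirewallApplicationFilter |
    Where-Object { Test-UnderIocDir $_.Program } | ForEach-Object {
        $program = $_.Program
        $_ | Get-NetFirewallRule | ForEach-Object {
            [pscustomobject]@{ Type = 'FirewallRule'; Name = $_.DisplayName
                Detail = "direction=$($_.Direction); action=$($_.Action); program=$program" }
        }
    })

if ($findings.Count -eq 0) {
    Write-Output "No artifacts under $iocDir found in files, services or firewall rules."
} else {
    $findings | Format-Table -AutoSize -Wrap
}
```

An empty result only means these three artifact types were not found under that path; firewall rules that are not bound to a program path are not covered by this check.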
For users in Thailand, where 7-Zip is widely used alongside communication apps such as TikTok and WhatsApp, this threat is particularly relevant. The risk is especially high for individuals who download software through links in YouTube tutorials or search engine advertisements. Users are strongly advised to carefully verify website URLs before downloading any software and to access only official, verified websites to prevent their computers from being hijacked for criminal purposes.
