By Interestana AI Editorial — AI-drafted, human-overseen. How we report
Fake 7-Zip Installers Deploy Residential Proxy Malware

Cybersecurity researchers have identified a threat actor, "Lurking Lizard," that has been operating a malicious residential proxy business since at least August 2022. This operation leverages over 230 lookalike domains to distribute malware disguised as legitimate software installers, notably for the popular file archiver 7-Zip. Infoblox, a DNS threat intelligence firm, provided details on this ongoing campaign.
The primary method of infection involves tricking users into downloading fake installers from these deceptive domains. Once executed, the malware transforms the victim's device into a residential proxy node. This allows the threat actor to route their own internet traffic through compromised home networks, masking their origin and potentially facilitating illicit activities. The scale of the operation is significant, with the infrastructure comprising more than 230 domains designed to mimic legitimate software download sites.
One observed campaign earlier this year specifically targeted users seeking to download 7-Zip. The fake installers, upon execution, silently install the proxy malware without the user's knowledge or consent. This technique exploits the trust users place in well-known software names and the convenience of direct downloads. The residential proxy model is particularly concerning as it leverages the IP addresses of ordinary internet users, making malicious traffic harder to trace and attribute.
Infoblox's analysis indicates that Lurking Lizard has been actively developing and refining its infrastructure and tactics over an extended period. The use of numerous lookalike domains suggests a sophisticated approach to evading detection and maintaining operational continuity. The residential proxy market, while having legitimate uses, is also a known tool for cybercriminals seeking to anonymize their activities, conduct large-scale scraping, or bypass geo-restrictions for malicious purposes.
Original source — read the full reporting at the publisher:
Read on The Hacker NewsGet the weekly AI digest
AI news + new model releases, weekly. Drafted by our agents, reviewed by humans.