Fake 7-Zip Installers Turn PCs Into Proxy Nodes

ยท
Listen to this article~5 min
Fake 7-Zip Installers Turn PCs Into Proxy Nodes

Fake 7-Zip installers are turning computers into residential proxy nodes without users' knowledge. Learn how this scam works and how to protect yourself.

Cybersecurity researchers recently uncovered a troubling new scheme run by a threat actor they're calling Lurking Lizard. This group has built a full-blown malicious residential proxy business using over 230 fake domains that look like legitimate sites. The operation has been active since at least August 2022, according to Infoblox, a DNS threat intelligence firm. One campaign spotted earlier this year involved fake 7-Zip installers that secretly turned victims' computers into proxy nodes without their knowledge. ### How the Scam Works Here's the basic playbook: You search for a free file compression tool like 7-Zip, click on what looks like the official download page, and install the software. But instead of getting a useful program, your computer gets hijacked. - The fake installer runs silently in the background. - It connects your machine to a residential proxy network. - Your IP address gets used to route traffic for criminals. - You never notice anything's wrong. This isn't some amateur operation. The attackers built over 230 domains that mimic popular software download sites. They even paid for ads to push these fake pages to the top of search results. > "It's a classic bait-and-switch, but with a modern twist," says Robert Moore, Lead Antidetect Browser Specialist. "They're exploiting trust in free software to build a hidden proxy army." ### Why Residential Proxies Are Valuable Residential proxies are a hot commodity in the cybercrime world. Unlike datacenter proxies that get blocked easily, residential IPs come from real homes and businesses. They look legitimate to websites and security systems. Criminals use these proxies for all sorts of dirty work: - Bypassing geo-restrictions to access streaming content. - Launching credential stuffing attacks on banks and retailers. - Scraping competitor data without getting blocked. - Hiding the true source of phishing campaigns. Lurking Lizard's business model is simple: infect your computer, sell access to your IP address, and let others do the dirty work. The victims never see a dime. ### How to Protect Yourself The good news is that staying safe doesn't require a degree in cybersecurity. Just follow a few commonsense rules. **Stick to official sources.** Always download software from the developer's official website or trusted app stores. If you're looking for 7-Zip, go directly to 7-zip.org. Don't click on ads or third-party download sites. **Check the URL before you click.** Look closely at the domain name. Fraudsters often use slight misspellings like "7ziiip.com" or "7-zip-download.net" to trick you. **Use a good antivirus.** Modern security tools can detect malicious installers before they run. Keep your antivirus updated and run regular scans. **Watch for unusual behavior.** If your internet feels slower than usual or your computer's fan runs constantly, something might be wrong. A sudden spike in data usage is another red flag. ### The Bigger Picture This attack highlights a growing trend in cybercrime: turning everyday devices into tools for criminal activity. Your laptop, phone, or smart TV could be used without your permission to commit fraud or launch attacks. For professionals who rely on antidetect browsers to manage multiple online identities, this is a wake-up call. The same techniques that make residential proxies useful for legitimate privacy work also make them attractive to criminals. "The line between privacy tools and crime tools is blurrier than ever," Moore adds. "That's why it's so important to understand what you're installing and where it comes from." ### Final Thoughts Lurking Lizard's operation is sophisticated, but it's not invincible. By staying vigilant and sticking to safe download habits, you can avoid becoming part of their proxy network. And if you ever suspect your computer's been compromised, disconnect it from the internet immediately and run a full security scan. The internet is full of free tools, but not all of them are what they claim to be. A little caution goes a long way.