In early February 2026, researchers uncovered a dangerous malware campaign that takes advantage of one of the most used utilities on the internet, 7-Zip. Rather than downloading the file archiver from its official homepage, 7-zip.org, users are being tricked into grabbing installer files from a convincing fake website at 7zip[.]com. The installer doesn't just unpack files: it silently turns your PC into part of a criminal proxy network.
How the Scam Works
The attackers registered a domain that looks nearly identical to the real 7-Zip site and used it to serve a trojanized installer. At first glance, the installer looks exactly like the legitimate software, and it even includes a working copy of 7-Zip to avoid suspicion. Behind the curtain, however, additional malicious components are dropped into a system directory, registered as Windows services, and given deep persistence via SYSTEM-level auto-start settings.
These hidden components allow the attackers to enroll infected machines in a residential proxy botnet. Your home PC becomes a node through which the criminals can route their traffic, masking their activities behind your internet connection for fraud, web scraping, and other abusive uses.
Why This Matters
This is not a typical malware drop. It is brand impersonation combined with a botnet-building effort that relies on small mistakes, such as following a YouTube tutorial with a bad link. The infection also shows no obvious signs of attack and does not damage files, so users may never realize their machine has been co-opted into a criminal network.
Goggle.com
If this tactic sounds familiar, that is because it is not new. In the late 1990s and early 2000s, typo-squatting scams like “Goggle.com” took advantage of users who mistyped the name of Google. These sites focused on ad revenue or redirecting traffic, and some eventually distributed unwanted software or malware. This 7-Zip campaign takes a page from the same playbook, but the stakes are higher now because victims are enrolled into a large-scale proxy botnet.
Best Practices
Ways to avoid becoming a victim of this attack:
- Always download software from official project domains – for 7-Zip, that’s 7-zip.org
- Use up-to-date security software to detect unauthorized services or network-routing activity
- Double-check URLs and be cautious with software sources
By following these principles, you can protect your system from being unknowingly infected.
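The URL check from the best practices above can be automated. The following Python sketch is an added example, not code from the researchers or the 7-Zip project: it compares a download URL against an allowlist of official domains and flags lookalikes such as 7zip[.]com and Goggle.com. The allowlist contents, the function names and the naive last-two-labels domain extraction are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: an allowlist of official download domains maintained by the defender.
OFFICIAL = {"7-zip.org", "google.com"}

def host_of(url: str) -> str:
    """Return the lowercase hostname; accepts defanged input such as 7zip[.]com."""
    url = url.strip().replace("[.]", ".")
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").rstrip(".")

def registrable(host: str) -> str:
    """Naive last-two-labels domain; production code should use the Public Suffix List."""
    return ".".join(host.split(".")[-2:])

def skeleton(domain: str) -> str:
    """Brand label with hyphens removed and TLD dropped: '7-zip.org' -> '7zip'."""
    return domain.split(".")[0].replace("-", "")

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url: str):
    """Return ('official' | 'lookalike' | 'unknown', matched official domain or None)."""
    domain = registrable(host_of(url))
    if domain in OFFICIAL:
        return ("official", domain)
    for good in sorted(OFFICIAL):
        # Same brand under another TLD, a dropped hyphen, or a one-character typo.
        # A threshold of 1 can misfire on very short brand names.
        if edit_distance(skeleton(domain), skeleton(good)) <= 1:
            return ("lookalike", good)
    return ("unknown", None)

if __name__ == "__main__":
    # Constructed sample inputs taken from the domains named in the article.
    for sample in ("https://www.7-zip.org/download.html", "7zip[.]com", "goggle.com"):
        print(sample, classify(sample))
```

A "lookalike" result means the domain should be verified by hand before anything is downloaded; "unknown" only means the domain is not close to an allowlisted brand, not that it is safe.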

