Fake 7-Zip website distributes trojanized installer, turns PCs into proxy nodes

  • What: A fake 7-Zip website is distributing a trojanized installer that turns infected computers into residential proxy nodes.
  • Impact: Compromised systems route third-party traffic through the victim's IP address, potentially exposing them to legal or security risks.

February 11, 2026, by SC Staff

As reported by Bleeping Computer, a malicious campaign is actively distributing a trojanized installer for the popular 7-Zip archiving tool through a fake website designed to trick users into downloading malware. The fake installer turns infected computers into residential proxy nodes, routing third-party traffic through the victim's IP address.

The fraudulent website at 7zip[.]com impersonates the legitimate 7-Zip project and mimics the original site's structure and text. Researchers at Malwarebytes discovered that the installer, digitally signed with a revoked certificate, contains the actual 7-Zip program alongside three malicious files: Uphero.exe, hero.exe, and hero.dll. These components establish a Windows service, modify firewall rules to allow network connections, and profile the system's hardware and network characteristics. The primary function of the malware is proxyware: it enrolls the infected host into a residential proxy network. The campaign also utilizes trojanized installers for other popular software such as HolaVPN, TikTok, and WhatsApp.

This incident highlights the persistent threat of domain impersonation and the exploitation of user trust, particularly when users follow links from unverified sources such as YouTube tutorials. The use of residential proxy networks by threat actors for activities such as credential stuffing and phishing underscores the need for greater user awareness regarding software downloads. Users should obtain software directly from official websites and exercise caution with search engine results and video recommendations to avoid becoming unwitting participants in malicious networks.
Source: Bleeping Computer