🟡 Medium | Source: The Hacker News
A threat actor known as Lurking Lizard has been running a large-scale residential proxy network since at least August 2022, luring victims into downloading fake 7-Zip installers from over 230 lookalike domains. Once installed, the malware silently enrolls the victim’s device as a proxy node, effectively monetising their internet connection and IP address without their knowledge. This is significant because residential proxies are frequently abused to bypass geo-restrictions, conduct credential stuffing, and obscure the origin of other malicious activity.
Security Architect’s Take: Enforce application allowlisting and restrict software installation to approved, signed packages from verified sources within your cloud workloads and end-user environments. Review egress traffic patterns for anomalous outbound proxy-like connections, and ensure DNS filtering blocks lookalike domains — consider deploying a protective DNS solution such as those compliant with NCSC’s PDNS guidance.
Original advisory: Fake 7-Zip Installers Turn Devices Into Residential Proxy Nodes