: The malicious installer appeared identical to the legitimate 7-Zip software and was even code-signed with a revoked certificate from JOZEAL NETWORK TECHNOLOGY CO., LIMITED to bypass Windows security warnings.
: The primary goal was to enroll the infected host as a residential proxy node, allowing third parties to route their internet traffic through the victim’s IP address for potentially illicit activities. RyS7.7z
: It embedded itself within Windows services to remain hidden and ensure it started automatically with the system. : The malicious installer appeared identical to the
Cybersecurity researchers from Malwarebytes and Help Net Security reported that this malware was distributed through deceptive websites (such as 7zip[.]com ) that mimicked the official 7-zip.org site. it poses significant risks
While this specific campaign primarily focused on proxy monetization rather than data theft, it poses significant risks, including your IP address being flagged for criminal activity conducted by third parties.
: Upon execution, the installer silently dropped several Go-compiled binaries, including: uphero.exe hero.exe hero.dll Malicious Behavior :