← All stories
● Covered by 1 source Β· 1 reportHigh impact

Lurking Lizard Uses Fake 7-Zip Installers for Malicious Proxy Operations

Aggregated by BrevFeed security Β· updated 1h ago
πŸ”– Save

Cybersecurity researchers identified Lurking Lizard, a malicious entity using fake 7-Zip installers to recruit devices into a residential proxy network. Operating since at least August 2022, it exploits expired domains and other major proxy providers to generate traffic and evade detection.

Key points

Discovery of Lurking Lizard

Researchers revealed details about a new threat actor called Lurking Lizard, which has been conducting operations to build a malicious residential proxy business. This entity uses an extensive network of over 230 fake domains to launch its attacks and recruit compromised devices into its proxy network.

Malicious Proxy Infrastructure

The operation employs a strategy that dates back to at least August 2022, where users are misled into downloading trojanized versions of software like 7-Zip from misleading domains such as '7zip[.]com'. The compromised devices are then used as proxy nodes in its infrastructure.

Key Operational Tactics

Lurking Lizard mimics established proxy providers like IPIDEA and SmartProxy, further amplifying its credibility by manipulating search traffic through fake independent review sites. Analysis indicates a method known as drop-catching, allowing them to acquire expired domains for legitimacy.

Broader Implications

The use of 7-Zip installers is only part of a larger campaign; similar tactics have been noted with other applications like WhatsApp and TikTok downloaders. Investigations have traced this behavior back to a China-based actor using multiple apps and services to mask their true intentions.

Concluding Notes

The proliferation of these malicious proxy networks poses a significant threat to cybersecurity, as they remain undetected and relay illegal activities. Users are advised to download software only from verified sources and be cautious with unsolicited links.

✨ This summary was generated by AI from the outlets' reporting listed below. It is not independently verified and may contain errors β€” check the original sources. How BrevFeed works β†’

Primary sources

CVE CVE-2026-552008.1 HIGH CVE CVE-2026-468179.8 CRITICAL

Reporting from

Cybersecurity researchers identified Lurking Lizard, a malicious entity using fake 7-Zip installers to recruit devices into a residential proxy network. Operating since at least August 2022, it exploits expired domains and other major proxy providers to generate traffic and evade detection.