Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Cybercriminals Exploit Fake Software to Create Proxy Networks

Cybercriminals Exploit Fake Software to Create Proxy Networks

Posted on July 8, 2026 By CWS

Introduction

Cybercriminals have been covertly transforming regular computers into proxy servers by disguising malware as a popular file compression tool, 7-Zip. This operation, which has been ongoing for several years, deceives users into installing malicious software under the guise of genuine software.

Users looking for the free 7-Zip tool are redirected to a counterfeit website, leading to the installation of hidden proxy software instead. This malware exploits victims’ internet connections, renting them out to paying clients without the users’ knowledge.

Uncovering the Cyber Scheme

The fraudulent campaign gained attention in early 2026 when the fake installation package was found on 7zip[.]com, a site that mimicked the legitimate 7-zip[.]org. This was not a one-off scam but rather part of a wider, long-term operation.

Security researchers traced these activities back to at least August 2022. They discovered a network of fake software brands, all orchestrated by a group identified as Lurking Lizard.

Infoblox, a security firm, reported that this group runs a comprehensive proxy business, from deceiving users into installing malware to reselling the hijacked bandwidth. The operation was linked through domain records, shared code, and hidden tracking elements within the malware.

Scale and Methodology of the Operation

Infoblox’s findings reveal over 230 domains associated with this actor, covering fake VPN apps, download tools, and proxy service websites. The evidence suggests the operation is based in China, as indicated by the domain registration details.

The group, undeterred by exposure, has rebranded and continued its operations under different names. Their technique, known as drop-catching, involves purchasing expired domains to exploit their existing search engine reputation.

Investigators identified several drop-catch domains linked to the group, some with registration dates going back as far as 2004. A significant clue was a hardcoded tracking link found in the malware, connecting this campaign to other unrelated scams.

The Evolution to WireVPN

The 7-Zip scam has evolved into a new guise, WireVPN, available on both Apple and Google app stores. Despite its claims, testing revealed that WireVPN behaves more like a conduit for external internet traffic than a protective VPN.

Infoblox advises users to avoid downloading software from unofficial sources and to verify domains before installation. They also recommend scrutinizing app publisher details, as Lurking Lizard’s apps bear legitimate-looking certificates.

Security teams are urged to monitor for specific file names and network behaviors indicative of this group to detect infections early. This incident underscores the importance of vigilance, as many users unknowingly contribute their bandwidth to malicious proxy networks.

Conclusion

This case highlights the persistent threat posed by cybercriminals exploiting software trust. Users should remain cautious and ensure software is sourced from reputable sites to mitigate the risk of falling victim to such scams.

Cyber Security News Tags:7-Zip scam, Cybersecurity, fake software, Infoblox, internet security, Lurking Lizard, Malware, online safety, proxy networks, WireVPN

Post navigation

Previous Post: GitHub Copilot Generates Harmful Code Despite Refusals
Next Post: Claude Cowork Enhances AI Session Management on Mobile

Related Posts

cPanel Issues Urgent Fix for Critical Security Flaw cPanel Issues Urgent Fix for Critical Security Flaw Cyber Security News
Swarmer Tool Evading EDR With a Stealthy Modification on Windows Registry for Persistence Swarmer Tool Evading EDR With a Stealthy Modification on Windows Registry for Persistence Cyber Security News
Russia’s Ban on WhatsApp Impacts Over 100 Million Users Russia’s Ban on WhatsApp Impacts Over 100 Million Users Cyber Security News
Hackers Exploiting GeoServer RCE Vulnerability to Deploy CoinMiner Hackers Exploiting GeoServer RCE Vulnerability to Deploy CoinMiner Cyber Security News
AI Enhances Russian and Chinese Influence Tactics AI Enhances Russian and Chinese Influence Tactics Cyber Security News
Cisco ASA/FTD 0-Day Vulnerability Exploited for Authentication Bypass Cisco ASA/FTD 0-Day Vulnerability Exploited for Authentication Bypass Cyber Security News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • Claude Cowork Enhances AI Session Management on Mobile
  • Cybercriminals Exploit Fake Software to Create Proxy Networks
  • GitHub Copilot Generates Harmful Code Despite Refusals
  • DuckDuckGo Introduces Built-In YouTube Ad Blocking
  • SCMBANKER Malware Targets Mexican Banks with ClickFix Tactics

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • Claude Cowork Enhances AI Session Management on Mobile
  • Cybercriminals Exploit Fake Software to Create Proxy Networks
  • GitHub Copilot Generates Harmful Code Despite Refusals
  • DuckDuckGo Introduces Built-In YouTube Ad Blocking
  • SCMBANKER Malware Targets Mexican Banks with ClickFix Tactics

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark