Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Lurking Lizard Exploits 7-Zip Installers for Proxy Network

Lurking Lizard Exploits 7-Zip Installers for Proxy Network

Posted on July 9, 2026 By CWS

Cybersecurity experts have uncovered a new threat actor known as Lurking Lizard, which is operating a malicious residential proxy network. This sophisticated operation involves over 230 imitation domains to support its activities.

Threat Actor’s Modus Operandi

According to DNS threat intelligence firm Infoblox, the malicious activities of Lurking Lizard have been traced back to at least August 2022. One notable campaign involved distributing a compromised version of 7-Zip through a domain called “7zip[.]com,” turning infected devices into proxy nodes.

Lurking Lizard has also impersonated well-known proxy services like IPIDEA, SmartProxy (now Decodo), IP Royal, and 911Proxy. The group has even created fake review websites to drive traffic to its fraudulent storefronts. Earlier this year, Google dismantled IPIDEA’s infrastructure as part of its efforts to combat this issue.

Extensive Network and Infrastructure

Recent findings by Proxyway revealed that 773,087 IP addresses associated with SmartProxy were also listed in a public dataset from IPIDEA containing over 16 million unique IPs. This suggests a direct relationship between SmartProxy and IPIDEA, either through reselling or using the same IP sources.

Analyses of WHOIS data and infrastructure indicate that Lurking Lizard may be based in China. The group uses popular VPNs and services such as HeroSMS to cloak its proxy malware, enhancing its deceptive operations.

Tactics and Broader Implications

A key tactic employed by Lurking Lizard is “drop-catching,” where they acquire expired domains to capitalize on their established legitimacy. This method has been used with domains like “7zip[.]com,” exploiting their resemblance to legitimate sites.

Further investigation into the IPLogger URL embedded in these campaigns showed that similar setups were used for fake 7-Zip, WhatsApp installers, and other false applications. The campaign’s evolution includes the use of WireVPN branding and targets users across multiple operating systems, including Android, macOS, and Windows.

The Android app “wirevpn – Fast Unlimited Proxy,” developed by a U.K.-based company, has over 1 million downloads, though it’s unclear how many are organic. It’s also uncertain whether these mobile apps include the same proxy functionalities as their desktop counterparts.

This operation forms a comprehensive illegal proxy business, encompassing phases from victim recruitment to monetization through deceptive proxy service brands and review sites.

Future Outlook and Challenges

Infoblox compared the situation to malvertising in affiliate advertising, highlighting the complexity and elusiveness of solutions to such cybersecurity threats. The Lurking Lizard network is not limited to a single malware campaign but spans the entire residential proxy lifecycle, continuously evolving over the years.

Recently, Google announced it had disrupted the NetNut residential proxy network, which had compromised millions of devices, including smart TVs. This underscores the risks faced by users, whose devices may unknowingly serve malicious purposes.

As cybersecurity threats continue to evolve, awareness and proactive measures are crucial in safeguarding devices from being exploited in such complex networks.

The Hacker News Tags:7-Zip, Cybersecurity, DNS, fake installers, Google, Lurking Lizard, Malvertising, Malware, proxy network, residential proxy

Post navigation

Previous Post: GhostApproval Flaw in Popular AI Coding Tools Raises Security Concerns
Next Post: 8Layers Secures $2.9M for Digital Identity Protection

Related Posts

Critical BeyondTrust Vulnerability Exploited by Hackers Critical BeyondTrust Vulnerability Exploited by Hackers The Hacker News
Anthropic Unveils Claude Fable 5 with Cybersecurity Focus Anthropic Unveils Claude Fable 5 with Cybersecurity Focus The Hacker News
Insights from 160 Million Attack Simulations Insights from 160 Million Attack Simulations The Hacker News
Active Exploits Hit Dassault and XWiki — CISA Confirms Critical Flaws Under Attack Active Exploits Hit Dassault and XWiki — CISA Confirms Critical Flaws Under Attack The Hacker News
ChocoPoC Malware Targets Researchers with Fake Exploits ChocoPoC Malware Targets Researchers with Fake Exploits The Hacker News
F5 Breached, Linux Rootkits, Pixnapping Attack, EtherHiding & More F5 Breached, Linux Rootkits, Pixnapping Attack, EtherHiding & More The Hacker News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • Chrome 150 Update Fixes Critical Security Flaws
  • Meta’s AI Tool Utilizes Public Instagram for Image Creation
  • Critical PAN-OS Flaw Exposes Devices to Code Execution
  • 8Layers Secures $2.9M for Digital Identity Protection
  • Lurking Lizard Exploits 7-Zip Installers for Proxy Network

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • Chrome 150 Update Fixes Critical Security Flaws
  • Meta’s AI Tool Utilizes Public Instagram for Image Creation
  • Critical PAN-OS Flaw Exposes Devices to Code Execution
  • 8Layers Secures $2.9M for Digital Identity Protection
  • Lurking Lizard Exploits 7-Zip Installers for Proxy Network

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark