News
How Fake 7-Zip Software Exposed a Much Bigger Criminal Proxy Business
Residential proxies are one of cybersecurity’s hottest topics, but many are not residential at all. Infoblox Threat Intel researchers traced what initially appeared to be an isolated malware campaign to a broader operation dating back several years.
The actor, tracked as Lurking Lizard, is linked to more than 230 domains used to infect victim devices, operate proxy infrastructure, impersonate known proxy providers and market related services.
Lurking Lizard appears to be a Chinese actor who affiliates with other proxy providers to resell access to bandwidth from compromised residential proxies. External researchers previously identified overlap between infrastructure connected to Lurking Lizard and IPIDEA, a major proxy provider that was disrupted earlier this year by a coordinated industry and law enforcement action.
While there have been multiple disruptions of proxy providers this year, the ability for threat actors like Lurking Lizard to continue operating the botnet devices demonstrates how hard it remains to dismantle the malicious residential proxy market.
The operation is vertically integrated, controlling several stages of acquisition, promotion and monetization. It builds new proxy nodes by distributing malware through lookalike domains tied to major software brands, then boosts those lures through search poisoning and online ads.
One such campaign, impersonating 7-Zip, drew attention earlier this year, but this was only one visible piece of a much larger system.
Infoblox Threat Intel also found that the actor sold access through lookalike domains posing as other commercial proxy services. By connecting those domains, the researchers were able to map the wider scope of the activity.

“What matters here is not one fake installer, but the business model behind it,” said Dr. Renée Burton, VP of Infoblox Threat Intel. “When criminal services can scale by borrowing trust from consumer software, app stores and review sites, the risk moves beyond the security team. It becomes an operations, fraud and brand issue for every company online.”
You can read the full research here.
-
Economy3 weeks agoOMIFCO IPO: Price, Dividends, Subscription Dates and Listing – Here’s Everything You Need to Know
-
Magazines2 months agoOER Magazine April 2026 Issue
-
Lifestyle2 months agoAP x Swatch Royal Pop: A Rule-Breaking Collaboration That Takes the Royal Oak Off the Wrist
-
Banking & Finance2 months agoTariq Atiq Appointed as CEO of Bank Nizwa
-
Oman2 months agoWhat Is Musstir Heights, Oman’s RO300mn Mountain Destination?
-
News2 months agoOman to Build EV & Battery Cell Plant in Duqm
-
Real Estate2 months agoOman Real Estate, Design & Build Exhibition-Conference 2026 Gets Underway
-
Economy2 months agoNon-Oil Sector Drives GCC Growth as Diversification Momentum Strengthens in Q3 2025
