Automatically translated.View original post

Fake 7-Zip app detected. Downloaded and definitely addicted to malware.

Fake 7-Zip app detected. Downloaded and definitely addicted to malware.

Software for file compression can be called many, but there are only a few familiar ones, such as WinZip, WinRar, and 7-Zip, the latter of which has become an issue, but not from WinZip and WinRar security vulnerabilities, but from negative name impersonators.

According to a report by the official website of anti-malware developer Malwarebytes, a member of the famous web board Reddit inside the r / pcmasterrace room came up with a thread about the detection of fake 7-Zip software, which the PC Builder said downloaded fake 7-Zip software from the 7zip [.] com website after watching a video of the tutorial on Youtube and then acknowledged that the official 7-Zip website was 7-zip.org not the site.

The user also revealed that after downloading the file on the USB drive and installing it on the newly assembled machine, a 32-bit versus 64-bit Error occurred so often that it was uninstalled. After about two weeks, the Windows Defender has a malware detection alert called Trojan: Win32 / Malgent! MSR, making it predictable to come from the fake 7-Zip software.

This fake 7-Zip software. The Installer was checked and found to be a modification of a real installation file called 7zfm.exe. But the file has a Cetificate signed under the fake company name Jozeal Network Technology Co., Limited. The certificate has been detected as Revoke. This file, if installed successfully, will work exactly like a normal 7-Zip, but there are three additional Components included.

Uphero.exe - Service Manager and Update Manager (Update loader)

Hero.exe - A file compiled with the Go language acts as the main Proxy Payload to turn the victim's machine into a Proxy Node so that a third party (3rd Party) can send data by relying on the victim's IP number.

Hero.dll - Library File (Library) Support

The set of files is placed in the System C: WindowsSysWOW64hero folder, a folder that has a high degree of Privilege access permissions, which is often unchecked. It was also found that the set of files used an update channel independent of the installer using the update.7zip [.] com / version / win-service / 1.0.0.2/Uphero.exe.zip channel.

The main malware files.exe retrieves the configuration from the commutated C2 or Command and Control domain, but all under the "smshero" theme to create Outbound Proxy through port 1000 or 1002. In addition, the research team also found that XOR encryption with key 0x70 was used to hide the command message. After the victim's machine became a Proxy Node under the hacker's Infrastructure network, the victim's IP number was taken. These proxy applications will also be resold to other cybercriminals, used for fraud, identity concealment, or for advertising.

In addition to its core capabilities, malware also has the ability to avoid being detected variously, e.g.

Detecting simulated environments like VMware, VirtualBox, QEMU and Parallels.

Anti-Debugging

Verification that Runtime API resolution and PEB are in use

Monitoring of the system environment (Environment), including Process Enumeration and Registry Probing

In addition to that, the research team also found that the malware has support for a variety of encryption systems to protect data traffic (Traffic), such as AES, RC4, Camellia, Chaskey, XOR encoding, and Base64.

Call it that such malware is dangerous, and indeed malicious, so readers must be careful to check the software download source first whenever the download is installed on the machine for safety.

# Trending # Lemon 8 Howtoo # lemon 8 diary # ZIP # freedomhack

3/3 Edited to

... Read moreจากประสบการณ์ของผู้ใช้ทั่วไป การติดตั้งซอฟต์แวร์บีบอัดไฟล์ เช่น 7-Zip เป็นเรื่องที่ช่วยให้จัดการไฟล์ได้สะดวก แต่เมื่อได้มาเจอกับกรณีของแอป 7-Zip ปลอมนี้ ทำให้เราได้เรียนรู้ข้อควรระวังในการดาวน์โหลดและติดตั้งซอฟต์แวร์เพิ่มมากขึ้น โดยเฉพาะอย่างยิ่งเมื่อพบว่าแอปปลอมนี้แอบแฝงมัลแวร์ที่มีความสามารถสูง ทั้งการสร้าง proxy node เพื่อส่งข้อมูลผ่าน IP เครื่องของเรา และยังมีระบบอัปเดตแยกออกมาเพื่อหลีกเลี่ยงการตรวจจับ นอกจากนี้ มัลแวร์ยังมีเทคนิคป้องกันการวิเคราะห์อย่างดี เช่น ตรวจสภาพแวดล้อมจำลอง, ต้านการดีบักดิ้ง, ใช้การเข้ารหัสหลายรูปแบบ รวมถึงวางไฟล์ลงในโฟลเดอร์ระบบที่มีสิทธิ์ระดับสูงอย่าง C:WindowsSysWOW64hero ด้วย การถูกแฝง Trojan:Win32/Malgent!MSR ถือเป็นสัญญาณเตือนที่ควรให้ความสำคัญมาก เพราะการที่เครื่องกลายเป็น Proxy Node หมายความว่า IP ของเราสามารถถูกนำไปใช้ในกิจกรรมที่ผิดกฎหมายอื่น ๆ เช่น การซ่อนตัวตนออนไลน์, การฉ้อโกง หรือการขุดรายได้จากโฆษณาโดยไม่ได้รับอนุญาต สิ่งที่สำคัญที่สุดคือการตรวจสอบแหล่งที่มาของไฟล์ติดตั้งอย่างละเอียดว่าตรงกับเว็บไซต์หลัก 7-zip.org หรือไม่ สำหรับผู้ที่ประกอบหรือดูแลระบบคอมพิวเตอร์เป็นประจำ แนะนำให้ใช้โปรแกรมแอนตี้มัลแวร์ที่มีการอัปเดตฐานข้อมูลล่าสุดอย่างสม่ำเสมอ และควรตั้งค่าการสแกนอัตโนมัติเมื่อมีไฟล์เข้ามาใหม่ ๆ รวมถึงหมั่นตรวจสอบ Certificate ของไฟล์ติดตั้งว่ามีความน่าเชื่อถือหรือไม่ เพื่อป้องกันการถูกหลอกใช้ซอฟต์แวร์ปลอม นอกจากนี้ ความรู้จากการติดตามข่าวสารความปลอดภัยไซเบอร์นั้นถือเป็นสิ่งสำคัญ เพราะจะช่วยให้เรารู้ทันภัยใหม่ ๆ และวิธีรับมืออย่างรวดเร็ว ท้ายที่สุดนี้การดาวน์โหลดซอฟต์แวร์จากแหล่งที่น่าเชื่อถือ รวมถึงการศึกษาวิธีตรวจสอบไฟล์และ Certificate จะช่วยเสริมความปลอดภัยให้กับเครื่องของเรา และลดความเสี่ยงจากมัลแวร์อย่างมั่นใจ ถือเป็นบทเรียนสำคัญสำหรับผู้ที่ใช้งานคอมพิวเตอร์ทุกคนในยุคที่ภัยไซเบอร์มีความซับซ้อนและแฝงตัวมาทุกที่

Related posts

Rizz em with the tism ⚡️
I was diagnosed with autism in 9th grade and for some reason, I do some really weird, unexplainable things 🤣 Especially when the room is quieter #stimming #audhd #autism #neurospicy #sillygoose United States
Llamazinglooks

Llamazinglooks

2846 likes

How I Reduced My AI Score by 88% in Just One Day
✨ Latest Update: My AI detection rate on Turnitin dropped to 0%! (From over 88% all the way down to single digits — what a relief 😭) Not gonna lie, I was losing it over those AI scores these past few days. Everything was 100% handwritten, yet Turnitin still flagged it sky-high. After digging int
Alice

Alice

199 likes

Health Talk - The Cost of Ignoring the Health Signals
Welcome, Decoding Health Signals Chronicles™, Health Talks, Healthy Insights Spotlight Enthusiasts! Most people don’t wake up one day with burnout, brain fog, or constant exhaustion. The body usually sends small signals first. Maybe you’ve noticed: • Feeling tired even after a full night
Healthy Insights HQ🎙️

Healthy Insights HQ🎙️

2 likes

How i study the night before an exam
All right, it’s that time again: night study sesh. Just hanging out with my notes, drink coffee and study with "bypassgpt.ai" to fight off the sleep monster, lol. Wish me luck! 🌟✍🏻🤎 #bypassgpt #cozynight #studywithme #unistudent
emilie.studygram

emilie.studygram

356 likes

⚠ BOTMOB SCAN DETECTED Bombast detected. Operator deployed: DJ BOT LA ROCK Link
#AskLemon8 #healthyrelationship #softskills #mentalhealthawareness #BOTMOB
appa juse

appa juse

1 like

“Questions with no intent to listen aren’t questions — they’re weapons.”
#NameThePressure #VisualLearning #AcademicAesthetic #Gaslighting #Narcissist
appa juse

appa juse

0 likes

not extreme, just consistent.
these habits made the difference for me😋 #GymTok #gymgirl #caloriedeficit #calorietracking #nutriplan
Lillypark

Lillypark

27 likes

Pump your glutes in just 3 months before summer
#gluteroutine #bodytransformation #glutesandcore #
Emma Fitness

Emma Fitness

1 like

Your attention is their oxygen. ⚠ BOTMOB SCAN DETECTED The LEECH
#StudyTips #NameThePressure #ThreatFile #Lemon8Diary #SoftSkills
appa juse

appa juse

0 likes

BREAKING NEWS @ATEEZ_Official new album golden hour part 4 coming soon! dont forget to pre-order and stay tuned for more atiny updates ‼️ #ateez #atiny #kpop #kpopstore
SarangHello

SarangHello

2 likes

This ai tool makes your essays undetectable
That after-school essay grind... ☕️💻 We all know the panic when you use AI for a little help, but the detector hits you with "100% AI Detected." 😱 I ran the exact same text through "Humbot.ai" to humanize it, and... 0% AI detected. It’s a total game-changer for making sure m
Milktea Emma

Milktea Emma

145 likes

They Dared Me to Make a Subnautica Mod... #tiktok #usa #minecraft
torque.test

torque.test

0 likes

A black, sleek AIPAL DOCK device with glowing blue and purple lights, featuring a circular head with two white 'eyes' and a green indicator. The background shows glowing lines forming '4 Days' and text announcing its launch on Kickstarter on May 26, 2026.
It Knows You’re There Presence detected
Before the screen wakes. Before you say a word. AIPAL already knows you’ve arrived. Powered by millimeter-wave sensing, AIPAL actively detects your presence the moment you sit down—responding with subtle light, motion, and awareness before any interaction begins. Not just an A
ZEEHOO

ZEEHOO

0 likes

🚀 Unidentified signal detected over the Gulf Coast
High-speed visuals. Deep-space energy. Precision-built execution. Pensacola X® operates at the intersection of AI-driven media, cinematic storytelling, and next-generation marketing—delivering content engineered to capture attention instantly and hold it. Nothing random. Nothing accidental.
PENSACOLA X®

PENSACOLA X®

2 likes

Emotional abuse can be intentional or unintentional, but if not detected in time, it can damage your self-esteem and mental health. Here are 5 repetitive behaviors showing someone is emotionally abusing you. #emotionalabuse #psychologytips #MentalHealthAwareness #toxicrelationships
iitsDia.miindset

iitsDia.miindset

1 like

Bulking meals without dirty eating
#bodytransformation #foodstogainweight #weightyourfood #bulking #nutriplan
Tyler Wong

Tyler Wong

1 like

⚠ BOTMOB SCAN DETECTED Dogpiling: Group Attack Counter: WAR OF THE WORDS
#AskLemon8
appa juse

appa juse

0 likes

🚨 BREAKING NEWS ALERT 🚨 This just in… travelers across California are reporting unbelievable room deals appearing on the map! 🗺️ Authorities confirm the source is none other than Studio 6 / Motel 6 — where comfortable extended-stay rooms and clean accommodations are now popping up at pric
Motel 6/ studio 6

Motel 6/ studio 6

0 likes

Maestro border #r6 #r6siege #rainbowsixsiege #rainbow6siege #schizosiege #siegex
Schizo6Siege

Schizo6Siege

0 likes

Middle school days was fun asf😂😂💯 #fyp #funny #viral #school #foryoupage
Juju

Juju

69 likes

⚠ BOTMOB SCAN DETECTED Dogpiling: Group Attack Counter: WAR OF THE WORDS
#AskLemon8
appa juse

appa juse

0 likes

How to make your essay sound human 0% AI Detected
#essay #study #aitools #aihumanizer #edu
Self lock

Self lock

9 likes

“Everyone does that...” ⚠ BOTMOB SCAN DETECTED ABSTRACTION TRAP
#AskLemon8 #healthyrelationship #softskills #mentalhealthawareness #BOTMOB
appa juse

appa juse

0 likes

An AI control room showing facial recognition, biometric analysis, and crowd surveillance, illustrating how AI helps catch criminals.
Two individuals in a van using experimental AI systems to map people's movements inside a house using Wi-Fi signals, demonstrating "Wi-Fi X-ray vision."
A woman observing screens displaying AI gait analysis, identifying a suspect from their walk pattern and body shape, even with their face covered, using stride tracking technology.
FOLLOW&LIKE&4MORE CONTENT🎥 I POST FOR THE COMMENTS🤣💭 #trending #viral #exp
FOLLOW&LIKE&4MORE CONTENT🎥 I POST FOR THE COMMENTS🤣💭 #trending #viral #explore
RobTFA

RobTFA

20 likes

“Everyone does that…” ABSTRACTION TRAP ⚠ BOTMOB SCAN DETECTED
#AskLemon8 #healthyrelationship #softskills #mentalhealthawareness #BOTMOB
appa juse

appa juse

0 likes

🥰🥰🥰
#workout 🏋️ #glowup #gymmotivation #beproactive #nutriplan
Emma Fitness

Emma Fitness

40 likes

No lies detected
One of my most popular videos I’ve had on TikTok so I guess I will share it here too. #booktok #darkromance #darkromancebook
Samee Michelle

Samee Michelle

880 likes

A graphic with a dark, glitchy background displays a 'BOTMOB SCAN DETECTED' warning. It features a speech bubble with the quote 'Everyone else agrees with me, so you must be wrong,' and details 'T-27 SOCIAL PROOF' as a social/status threat using group consensus to pressure individuals.
⚠ BOTMOB SCAN DETECTED Social Proof: “Everyone else is doing it.
#AskLemon8 #healthyrelationship #softskills #mentalhealthawareness #BOTMOB
appa juse

appa juse

0 likes

‘ll do better, just give me time.” ⚠ BOTMOB SCAN DETECTED Future Fake.
#cyberbullying #cyberbullyingawareness #mentalhealthawareness #mentalhealthideas #mentalgrowth
appa juse

appa juse

0 likes

BreachFragment: DRAGON.BOOTS-ΔX111 Classification: Flameborne Combat Relic Surface Scan: Fluorescent Red / White Marked Texture Profile: Scaled overlays, serpent-core ridging Heat Index: 911°F (stabilizing) Material Analysis: Unknown synthetic blend, semi-organic response Visual Markings: R
乂 ᐯᕮし〇ᑕᏆ丅丫丫 丨乙

乂 ᐯᕮし〇ᑕᏆ丅丫丫 丨乙

0 likes

‘ll do better, just give me time.” ⚠ BOTMOB SCAN DETECTED Future Fake.
#cyberbullying #cyberbullyingawareness #mentalhealthawareness #mentalhealthideas #mentalgrowth
appa juse

appa juse

0 likes

100/10 recommend this baby monitor. Plays music has motion and noise alarms etc #vtech #Fyp am I the only mom that watches these cameras non stop? And still can’t relax
Clarissa

Clarissa

0 likes

CHECK YT LINK IN BIO! #blackops7 #callofdutyblackops #campaign #bo7 #fypviralシ
IIM.NOOT.Q

IIM.NOOT.Q

0 likes

Whoever you are. Don’t ever play like that #tiktokshop #viral
Levala RN | TTSA | 🇨🇲🇺🇸

Levala RN | TTSA | 🇨🇲🇺🇸

0 likes

A phone screen displays a "LIQUID DETECTED" notification, stating charging is unavailable due to liquid in the Lightning connector. The screen also shows the time 2:40, a TikTok logo with 64.5K+ likes, and a Lemon8 logo with the username @marybarclay0516.
Mary Barclay

Mary Barclay

0 likes

Sniper Shots
#rainbowsixsiege #Gamer #gaming #ps5 #shots
ItsCloudTho

ItsCloudTho

2 likes

not 1 lie detected ‼️
iam_mztrish💋a.ka. Ladee Virgo

iam_mztrish💋a.ka. Ladee Virgo

5 likes

welcome to my nerdy side project Spool #contentcreator #influencertips #marketingtips
Cara Cassidy

Cara Cassidy

1 like

‘ll do better, just give me time.” ⚠ BOTMOB SCAN DETECTED Future Fake.
#AskLemon8 #healthyrelationship #softskills #mentalhealthawareness #BOTMOB
appa juse

appa juse

0 likes

Distortion Detected
Distortion Detected #clockworkmask #liminalspaces #backrooms #endless #vrchatworldshowcase
Clockworkmask

Clockworkmask

0 likes

turning my iPad mini into a gaming console 🎮💕✨ someone recommended the @Razer Kishi & so obvi I ordered it immediately! Let me know if you want a longer term review & please leave your iPad game recs! #ipad #razerkishi #ipadgames #applearcade #ipados26
Chantal 👩🏻‍💻 PaperNRoses

Chantal 👩🏻‍💻 PaperNRoses

55 likes

See more