Security News Malicious 7-Zip site distributes installer laced with proxy tool

Attachments

  • UkLsAR4v_o.png
    UkLsAR4v_o.png
    41.4 KB · Views: 12
  • Capture.JPG
    Capture.JPG
    28.5 KB · Views: 11
7Oz-64 said:
@Parkinsond
No MD flag here (all ASLR rules enabled), maybe a virus definitions database update. latest 1.445.13.0
Click to expand...
Wrecker4923

Security News Post in thread 'Malicious 7-Zip site distributes installer laced with proxy tool'

This is an interesting twist. I just tried to download the newly published 26.00 7-zip manager (from 7-Zip), which failed because of "Trojan:Win32/Wacatac.H!ml" detection, also reported on the Eleven forum.

Event[0]:
Time Created : xxx
ProviderName : Microsoft-Windows-Windows Defender
Id : 1116
Message : Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Trojan:Win32/Wacatac.H!ml threat description - Microsoft Security Intelligence...
  • Wow
  • Like
 
Berny said:
@Parkinsond

↓ Kaspersky Premium Scan ↓

View attachment 295595
Click to expand...
Already posted K result before

Parkinsond

Security News Post in thread 'Malicious 7-Zip site distributes installer laced with proxy tool'

Parkinsond said:
I have tried too now; that is what I have got

View attachment 295587View attachment 295588View attachment 295589
Click to expand...
opentip.kaspersky.com

Kaspersky Threat Intelligence Portal

Kaspersky Threat Intelligence Portal allows you to scan files, domains, IP addresses, and URLs for threats, malware, viruses
opentip.kaspersky.com opentip.kaspersky.com
  • Like
 
  • Like
Reactions: Berny
Berny said:
@Parkinsond

Warning from MD : " Microsoft Defender SmartScreen has prevented an unknown app from starting. Running this app may pose a risk to your PC ."
Click to expand...
No mention of SmartScreen on my side.
It was blocked before landing on my drive (using Chrome, not Edge) even before trying to execute and SmartScreen could kick in.

In addition, I have Edge uninstalled.

Capture.JPG
 
  • Like
Reactions: Berny
@7Oz-64

or the website is compromised and the installer is tampered.
It is not the first time for MD to flag 7-Zip freshly released installer.

To keep on the safe side, I delete the installer and redownload it again a week later.
During such a period, if the website was compromised, it would be discovered and fixed.
If the problem the young age of the installer, it would not be considered young then anymore.
 
Last edited by a moderator:
  • Like
Reactions: Berny and 7Oz-64
Wrecker4923 said:
This is rather unusual for a scam/malware site. These guys seem to be playing a LONG game.
Click to expand...
Indeed and even their own provider Cloudflare warns about them, but it does not block them, because it is technically safe, for now. Maybe it was hacked?!

capture_02122026_181937.jpg

Wrecker4923 said:
"Trojan:Win32/Wacatac.H!ml" detection
Click to expand...
That is a common behavior detection, usually false, I have seen it many times, especially when related to questionable apps like Nirsoft, ProcessHacker or games.
 
  • Like
Reactions: Parkinsond
Parkinsond said:
Wrecker4923

Security News Post in thread 'Malicious 7-Zip site distributes installer laced with proxy tool'

This is an interesting twist. I just tried to download the newly published 26.00 7-zip manager (from 7-Zip), which failed because of "Trojan:Win32/Wacatac.H!ml" detection, also reported on the Eleven forum.

Event[0]:
Time Created : xxx
ProviderName : Microsoft-Windows-Windows Defender
Id : 1116
Message : Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Trojan:Win32/Wacatac.H!ml threat description - Microsoft Security Intelligence...
  • Wow
  • Like
Click to expand...

7-Zip / Discussion / Open Discussion: 7-Zip 26.00

sourceforge.net sourceforge.net
 
  • +Reputation
Reactions: Parkinsond

You may also like...