A threat actor named Lurking Lizard is distributing malware disguised as popular software, such as 7-Zip and WireVPN, to create a proxy botnet. Operating primarily out of China, this group uses deceptive lookalike domains to lure users into downloading infected applications unknowingly. Victims’ devices become part of a proxy network that the actor rents out to third parties, enabling various cybercriminal activities.
Security analyses have traced their activities back to 2022, with claims of controlling around 2 million active proxies. To defend against this, users are advised to verify software sources and monitor their network traffic for unusual activity.