News Security

Infoblox Uncovers Lurking Lizard Campaign Behind Fake 7-Zip Downloads and Global Criminal Proxy Network

Renée

Threat intelligence research reveals how fake software installers, search poisoning, and counterfeit proxy services are fueling a sophisticated cybercrime ecosystem.

Infoblox Threat Intel has uncovered a sophisticated cybercriminal operation, dubbed Lurking Lizard, that uses fake 7-Zip software downloads to build a global network of compromised residential proxies. The research reveals that what initially appeared to be a single malware campaign is part of a much larger criminal infrastructure spanning more than 230 malicious domains.

According to Infoblox researchers, the threat actor distributes malware through lookalike websites impersonating trusted software brands and amplifies them using search engine poisoning, online advertisements, and fake reviews. Once devices are compromised, they are converted into residential proxy nodes that are resold to cybercriminals for malicious activities.

The report also highlights links between Lurking Lizard and IPIDEA, a major proxy provider that was disrupted earlier this year through coordinated law enforcement action. Despite these takedowns, the research shows that operators continue to monetize compromised devices through counterfeit proxy services and affiliated reseller networks.

“Cybercriminals are no longer relying on isolated malware campaigns they are building scalable business models that exploit trusted software brands, fake reviews, and compromised residential proxies.” — Dr. Renée Burton, VP, Infoblox Threat Intel

Infoblox warns that the campaign represents a broader shift in cybercrime, where attackers leverage the trust associated with legitimate consumer software to create sustainable criminal businesses rather than isolated malware attacks.

The company noted that the threat extends beyond cybersecurity teams, posing significant operational, fraud, and brand reputation risks for enterprises. Organizations are advised to strengthen software verification practices, monitor DNS activity, and educate users against downloading applications from unofficial sources.

The complete research is available on the Infoblox Threat Intel website.

Related posts

Nutanix Enterprise Cloud Index: AI Accelerates Container Adoption in Saudi Arabia as Data Sovereignty Becomes Top IT Priority

Enterprise IT World MEA

ASUS and Intel Launch AI Lab in Oman to Advance AI Education and Digital Innovation

Enterprise IT World MEA

Montagu to Acquire Majority Stake in BMC Helix to Accelerate Growth in Agentic AI and ServiceOps

Enterprise IT World MEA

Leave a Comment