Security researchers have uncovered a sophisticated operation by a threat actor known as Lurking Lizard, which has been transforming unsuspecting users' devices into residential proxy nodes through fake 7-Zip installers. This malicious campaign, first detected in August 2022 and still active, represents a concerning evolution in how cybercriminals monetize compromised systems without immediately triggering detection by traditional security tools.

According to DNS threat intelligence firm Infoblox, Lurking Lizard has established an extensive infrastructure comprising over 230 lookalike domains designed to trick users into downloading malicious software instead of the legitimate 7-Zip file compression utility. The group's campaign observed earlier this year involved weaponized installers that