
How Stealthy Was the 7zip Malware and How to Spot It?

The PC Security Channel • February 24, 2026

Why It Matters

The trojanized 7‑Zip installer shows how malware that leans on built‑in Windows tools and produces almost no anomalous telemetry can slip past signature‑based defenses. Verifying download sources and auditing outbound firewall rules are the practical countermeasures for enterprise networks.

Key Takeaways

  • Trojanized 7‑Zip installer drops uphero.exe, which adds a hidden outbound Windows Firewall allow rule via netsh
  • Malware uses built‑in Windows tools (cmd.exe, netsh), leaving minimal system footprints
  • Unrecognized outbound firewall rules can reveal stealthy malware activity
  • The C2 domain heroSMS.co is reported predominantly by MSSPs in the US, Japan and Germany
  • Sandbox analysis and DNS checks help detect disguised installers

Summary

The video dives into the trojanized 7‑Zip installer that was being served from the look‑alike domain 7zip.com (the legitimate project is hosted at 7-zip.org), showing how the malicious package mimics the genuine 7‑Zip setup while silently dropping a backdoor.

In the Any.run sandbox the analyst observed that the installer runs normally, then drops “uphero.exe”, which immediately creates an outbound Windows Firewall allow rule via netsh for traffic to the command‑and‑control server. Network traces reveal only DNS queries to heroSMS.co, and because the malware relies on native Windows utilities (cmd.exe, netsh) rather than dropping its own tooling, there is almost no anomalous process activity to detect.

The presenter highlights a screenshot of the firewall rule (“uphero” outbound allow) and notes that the C2 domain is predominantly seen in reports from MSSPs in the US, Japan and Germany. He also warns that AI tools like ChatGPT can inadvertently recommend the compromised installer, and that encrypted HTTPS/DNS‑over‑HTTPS further obscures malicious traffic.

For enterprises and end‑users the takeaway is clear: always verify download sources, routinely audit outbound firewall rules for entries you did not create, and use a sandbox service such as Any.run to vet executables before deployment. Proactive monitoring of this kind can stop stealthy proxyware from persisting in corporate environments.
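One way to do the firewall‑rule audit the summary recommends, as an added example (this is not code from the video or from The PC Security Channel): a small Python script that parses the output of `netsh advfirewall firewall show rule name=all verbose` and flags enabled outbound allow rules that have no Grouping (rules created by a Windows feature such as Core Networking carry one; a rule added ad hoc through netsh or the firewall API usually does not) and whose program is either `Any` or lives outside the Windows and Program Files directories. The abridged netsh text, the rule names other than `uphero`, the `Temp` path for uphero.exe and the trusted‑directory baseline are constructed assumptions, not artefacts from the video.

```python
"""Audit Windows Defender Firewall rules for ad hoc outbound allow entries.

Input is the text of:  netsh advfirewall firewall show rule name=all verbose
('verbose' is required; without it netsh omits the Program: line).
Usage: python audit_fw.py < rules.txt   (no stdin -> runs on the sample below)
"""
import re
import sys
from typing import Dict, List, Tuple

# Constructed, abridged netsh output (not captured from the video's sample).
# "uphero" is the rule name shown in the video; its program path is assumed.
SAMPLE_NETSH = r"""
Rule Name:                            Core Networking - DNS (UDP-Out)
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            Out
Grouping:                             Core Networking
Protocol:                             UDP
Program:                              C:\Windows\System32\svchost.exe
Action:                               Allow

Rule Name:                            ContosoSync
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            Out
Grouping:
Protocol:                             TCP
Program:                              C:\Program Files\ContosoSync\sync.exe
Action:                               Allow

Rule Name:                            uphero
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            Out
Grouping:
Protocol:                             Any
Program:                              C:\Users\alice\AppData\Local\Temp\uphero.exe
Action:                               Allow
"""

# Directories from which outbound allow rules are expected (assumed baseline;
# extend it for the software actually deployed in your estate).
TRUSTED_PROGRAM_PREFIXES = (
    "c:\\windows\\",
    "c:\\program files\\",
    "c:\\program files (x86)\\",
)

FIELD_RE = re.compile(r"^([A-Za-z ]+?):\s*(.*)$")


def parse_netsh_rules(text: str) -> List[Dict[str, str]]:
    """Turn netsh's 'Field: value' blocks into one dict per rule."""
    rules: List[Dict[str, str]] = []
    current = None
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or set(stripped) == {"-"}:  # blank line or '----' separator
            continue
        m = FIELD_RE.match(line)
        if not m:
            continue
        key, value = m.group(1).strip(), m.group(2).strip()
        if key == "Rule Name":  # every rule block starts with its name
            current = {"Rule Name": value}
            rules.append(current)
        elif current is not None:
            current[key] = value
    return rules


def suspicious_outbound_rules(rules: List[Dict[str, str]]) -> List[Tuple[str, List[str]]]:
    """Return (rule name, reasons) for enabled outbound allow rules that look ad hoc."""
    findings: List[Tuple[str, List[str]]] = []
    for rule in rules:
        if (rule.get("Direction"), rule.get("Action"), rule.get("Enabled")) != ("Out", "Allow", "Yes"):
            continue
        if rule.get("Grouping"):
            continue  # Windows feature rules (Core Networking, ...) carry a Grouping; skip them
        program = rule.get("Program", "Any")
        reasons = ["no Grouping: created ad hoc (netsh / API), not by a Windows feature"]
        if program.lower() == "any":
            reasons.append("Program=Any: every process may use this rule")
        elif not program.lower().startswith(TRUSTED_PROGRAM_PREFIXES):
            reasons.append(f"program outside trusted directories: {program}")
        else:
            continue  # ad hoc but for a program in a trusted location: leave it to the baseline
        findings.append((rule["Rule Name"], reasons))
    return findings


if __name__ == "__main__":
    text = SAMPLE_NETSH if sys.stdin.isatty() else sys.stdin.read()
    for name, reasons in suspicious_outbound_rules(parse_netsh_rules(text)):
        print(f"[!] {name}")
        for reason in reasons:
            print(f"    - {reason}")
```

Run it against a real host with `netsh advfirewall firewall show rule name=all verbose > rules.txt` and then `python audit_fw.py < rules.txt`. Two caveats a practitioner should keep in mind: Windows Defender Firewall allows outbound traffic by default on every profile, so the uphero rule only matters to the malware on hosts where outbound is set to block; its value to a defender is as a durable indicator that survives the process being killed. For live detection rather than after‑the‑fact audit, rule additions are logged as Event ID 2004 in the Microsoft‑Windows‑Windows Firewall With Advanced Security/Firewall channel, and process‑creation telemetry (Security 4688 with command‑line auditing enabled, or Sysmon Event ID 1) will show netsh.exe with `advfirewall firewall add rule` on its command line.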

Original Description

How Stealthy was the 7zip Malware? Last week we covered a stealthy trojan that looks like 7zip and comes from an official-looking website; this time we take a deeper dive to see how you can spot such threats on your system. (sponsor) Level up your SOC: get sandbox licenses for faster threat detection
https://any.run/features/?utm_source=youtube_pc_security_channel&utm_medium=video&utm_campaign=7zip_malware&utm_content=features&utm_term=240226#contact-sales
Buy the best antivirus: https://thepcsecuritychannel.com/best-antivirus
Join the discussion on Discord: http://discord.tpsc.tech/
Get your business endpoints tested by us: http://tpsc.tech/
Contact us for business: https://thepcsecuritychannel.com/contact