Researchers at the Chinese security firm QiAnXin identified a malicious installer posing as the Russian version of the 7Zip software available on the official Microsoft App Store. Despite it being uploaded in January 2023, the app was only removed by Microsoft after a series of complaints.
In addition to the Microsoft App Store, the 7z-soft.exe file was available for download through alternative channels, using tactics involving social engineering and web page redirection.
According to QiAnXin's report, the number of downloads of the malicious package from the Microsoft App Store notably increased since August, potentially linked to issues with WinRAR. The malware enabled the theft of various files, including text documents, keys, wallets, and other sensitive information.
The malware's final payloads were Redline Malware, Lumma Stealer, and Amadey.
To evade detection, the attackers employed the JPHP library to download payloads from a remote server, updating them on a daily basis. As of now, researchers have been unable to attribute the threat or determine how the attackers succeeded in infiltrating and uploading the malware to the Microsoft App Store.
Windows 11 now includes native support for over ten additional archive formats, including RAR, 7-Zip, tar, and GZ. These new archive formats are handled with help of the open source libarchive project. So if you are on the latest version of the OS, you may rely on the built-in solution and avoid installing extra apps.
Support us
Winaero greatly relies on your support. You can help the site keep bringing you interesting and useful content and software by using these options:
If you like this article, please share it using the buttons below. It won't take a lot from you, but it will help us grow. Thanks for your support!
Advertisеment