Several critical vulnerabilities have been documented that affect how 7z files are processed: Fake 7-Zip downloads are turning home PCs into proxy nodes
The 7z format, created by Igor Pavlov, is the foundation of these files. Its design is modular and supports advanced features that, while useful, can be exploited: : Uses LZMA/LZMA2 for high compression ratios. doit.7z
: Treats multiple files as a single stream to improve efficiency, though this can complicate selective scanning by some antivirus engines. Recent Vulnerabilities (2025–2026) : Supports strong AES-256 encryption and filename encryption
: These payloads are often proxyware , turning the victim's computer into a residential proxy node for third-party traffic. The 7z Format Architecture the specific malicious campaign
: Attackers use lookalike websites (e.g., 7zip[.]com instead of the legitimate 7-zip.org) to trick users into downloading a weaponized installer.
A "solid paper" on this topic covers the context of the software it targets, the specific malicious campaign, and technical mitigations.
: Supports strong AES-256 encryption and filename encryption.
