Downloaded 7‑Zip from the wrong site? That “installer” might’ve turned your PC into a proxy bot


7-Zip is a popular archiving tool used to compress and extract files. Many people use it instead of WinRAR to reduce file sizes and make them easier to manage.

It has been around since 1999, with the latest stable release arriving in August 2025. However, Malwarebytes, a cybersecurity company, has warned that a fake 7-Zip website has surfaced, and it looks convincing.

Here’s what happened, and what you can do to make sure it doesn’t happen to you.

Behind the convincing 7-Zip impersonation


It is a fairly easy mistake to make, especially if you are not paying close attention. To avoid it, make sure you only download 7-Zip from the official website at https://www.7-zip.org.

The fake site worked so well because it included a fully functional 7-Zip installer. It installed the real application, which meant most users had no idea anything malicious had happened.

Once the fake installer ran, it quietly dropped additional files into C:\Windows\SysWOW64\hero\ and registered them as Windows services. These services ran with System privileges and launched automatically every time the PC booted.

With persistence established, the malware modified firewall rules to allow its own traffic. It then profiled the system, collecting hardware and network information before enrolling the device into a residential proxy network.

In simple terms, someone else could use your home internet connection as a relay. Their activity would appear to originate from your IP address, potentially linking their actions back to you while your connection was quietly being resold.

What to do if impacted?


Disconnecting your device from the internet should be your first step. After that, navigate to C:\Windows\SysWOW64\ and check whether a hero folder exists, as this can indicate the system has been affected.

I also recommend reading Malwarebytes' breakdown of the entire ordeal, which includes details on everything.

Once you have confirmed whether your PC is compromised, review your Windows Defender Firewall rules. We have a guide on managing the firewall in Windows 11 here.

You should also check for any suspicious Windows services. We have a separate guide that walks through how to review and manage services safely.

Next, run a full system scan using Microsoft Defender. It is also worth running a second opinion scan with your antivirus software of choice. We recommend Bitdefender Total Security.

Finally, you may want to consider a full operating system reinstall for complete peace of mind. It is also sensible to change important passwords and review any sensitive accounts that were accessed on the machine.
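The folder, service and firewall checks described above can be run in one read-only pass. The PowerShell below is an added example, not from Malwarebytes or the original article; it assumes an elevated prompt and uses only the `C:\Windows\SysWOW64\hero` path named above as its indicator (the helper name `Test-UnderDropDir` is hypothetical).

```powershell
# Read-only triage for the indicators described in the article.
# Run from an elevated PowerShell prompt; nothing is modified or deleted.
$dropDir = Join-Path $env:windir 'SysWOW64\hero'   # folder named in the article

function Test-UnderDropDir {
    param([string]$Text)
    # Case-insensitive substring match, because service command lines
    # may be quoted or carry arguments after the executable path.
    return (-not [string]::IsNullOrEmpty($Text)) -and
           ($Text.IndexOf($dropDir, [System.StringComparison]::OrdinalIgnoreCase) -ge 0)
}

# 1. Does the folder exist, and what files does it hold?
$folderPresent = Test-Path -LiteralPath $dropDir
$files = @()
if ($folderPresent) {
    $files = @(Get-ChildItem -LiteralPath $dropDir -File -Recurse -Force -ErrorAction SilentlyContinue |
        Select-Object FullName, Length, CreationTime,
            @{ n = 'SHA256'; e = { (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash } })
}

# 2. Services whose binary path points into that folder.
$services = @(Get-CimInstance -ClassName Win32_Service |
    Where-Object { Test-UnderDropDir $_.PathName } |
    Select-Object Name, DisplayName, State, StartMode, StartName, PathName)

# 3. Firewall rules scoped to a program in that folder.
#    Rule paths may use %SystemRoot%, so expand variables before comparing.
$rules = @(Get-NetFirewallApplicationFilter -PolicyStore ActiveStore |
    Where-Object { Test-UnderDropDir ([Environment]::ExpandEnvironmentVariables($_.Program)) } |
    ForEach-Object {
        $rule = $_ | Get-NetFirewallRule
        [pscustomobject]@{
            Rule = $rule.DisplayName; Direction = $rule.Direction
            Action = $rule.Action; Enabled = $rule.Enabled; Program = $_.Program
        }
    })

# Summary first, then the detail for anything that matched.
[pscustomobject]@{
    FolderPresent = $folderPresent
    Files         = $files.Count
    Services      = $services.Count
    FirewallRules = $rules.Count
} | Format-List | Out-Host
$files    | Format-List | Out-Host
$services | Format-List | Out-Host
$rules    | Format-List | Out-Host
```

An empty result only means these specific indicators are absent, so the full scans described above still apply.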


Double-check the website you use to download software, bookmark official domains like 7-zip.org, and share this warning with anyone building or setting up a new PC.




Adam Hales
Contributor

