Beware of Malicious 7ZIP on the Microsoft App Store

Hackers target 7-Zip because of its widespread use and popularity, which makes it a lucrative vector for spreading malware. Exploiting that trust in 7-Zip lets them compromise a large number of systems, potentially leading to unauthorized access or data theft.

Cybersecurity researchers at QiAnXin Threat Intelligence Center recently discovered that hackers are actively abusing 7-Zip's name to deliver malware via the Microsoft App Store. Microsoft quickly removed the malicious software from its App Store after the researchers reported it.

The rogue package, linked to the group QiAnXin tracks as UTG-Q-003, went undetected for almost a year after it first appeared in January 2023. It is unknown how the attackers uploaded the package. According to QiAnXin's data platform, the 7z-soft software was first downloaded on March 17, 2023.

The package is built on JPHP, an open-source project that runs PHP code on the Java virtual machine, which helps it evade detection effectively. The attackers kept changing the payloads on their C2 server to prolong evasion. The executable used multiple download methods, and the download URLs are now inaccessible. Both download domains were WordPress sites, suggesting UTG-Q-003 compromised WordPress installations to store payloads and redirect web pages.

Windows notifications can still deliver links even after the browser has been closed. The initial phishing emails prompt the recipient to enable message notifications, which lets later links bypass email gateway detection. In the second stage, phishing links tailored to the target host's platform are delivered, and UTG-Q-003 serves JPHP framework-based installation packages.

Downloads from the Microsoft App Store surged, potentially tied to the WinRAR vulnerability: after the disclosure of CVE-2023-38831, East Asian APT groups launched phishing attacks in China. SEO manipulation and the difficulty of finding 7-Zip on official sites push users toward the Microsoft App Store, where they are compromised.

The Russian-language package has drawn negative reviews from Chinese users, highlighting the challenges of obtaining software safely in China. The attacker domains link to Russia and Ukraine, which hinders attribution beyond a Russian-speaking region.


This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 14 Dec 2023 07:15:11 +0000