Last week Notepad++ had to give out a warning that their web hoster was infiltrated and certain users were receiving malware-laced updates from September through December last year. Now 7Zip is reporting that a malicious actor registered 7zip(.)com and was pushing out a fake version of 7Zip with a buried proxy in it. The official 7-Zip is 7-zip.org.
There were associated YouTube how-to videos for building PCs with links to the fake site.
For all of these “baseline” utilities you use regularly (others include PuTTY, paint programs like Paint.NET, VLC, etc.) I HIGHLY recommend you make sure you have the right URL and then bookmark it. Hopefully when you go again later, you’re less likely to screw up or accidentally get misled if your browser recommends the “known good” link first.
I can’t wait for PuTTY to get compromised. That was officially hosted on an HTTP server (no TLS!) for wayyy too long back in the day. Always thought it was the perfect honeypot for a nefarious actor - millions of clueless Wintel admins pounding passwords into it all day long.
That works fine for the 7-Zip case, but not for Notepad++, which was a supply pipeline attack, where the official site was hacked and a malware-laden version of the official tool was delivered.
But, yes, in general for those sorts of utilities, bookmarking the official site is a very good recommendation.
That said, I’d all but forgotten about 7-Zip, I’ve just been using the onboard zipping tools on my Macs and Windows PCs.