A threat actor created a fake website impersonating the official 7-Zip project to distribute a trojanized installer that silently deploys proxyware on Windows machines. Any employee who downloaded 7-Zip outside of approved channels may have enrolled their workstation into a covert proxy network, exposing corporate traffic to interception or enabling attacker-controlled tunneling through your network perimeter. The attack requires no software vulnerability, only a user search and a manual download, making shadow IT and unmanaged endpoints the primary exposure surface.