An active typosquatting campaign is distributing malware-laced installers impersonating widely used software including 7-Zip, WhatsApp, TikTok, HolaVPN, and Wire VPN. Windows users who download and run these installers unknowingly enroll their machines as nodes in a residential proxy botnet, providing threat actors with legitimate-looking IP addresses to conduct credential stuffing, phishing, and malware distribution at scale. Direct harm to individual endpoints is moderate, but organizational exposure includes potential use of corporate IP ranges in downstream criminal activity and reputational risk if company assets are implicated.
