Chinese researchers from QiAnXin discovered a malicious installer disguised as the Russian version of 7-Zip on the official Microsoft App Store.
As QiAnXin notes, the malicious package was downloaded back in January 2023 and remained undetected for almost a year; it was removed only after it was reported to Microsoft.
However, 7z-soft.exe was also distributed through channels other than the Microsoft App Store, including social engineering and redirects from web pages.
According to QiAnXin telemetry, downloads of the malicious package from the Microsoft App Store have increased significantly since August, which could be related to the problems in WinRAR.
The main goal of the malware was to steal various types of files, including text documents, keys, wallets, and other valuable data. The final payloads were RedLine, Lumma Stealer, and Amadey.
Credit where it is due for the sophistication: to evade detection, the attackers used the JPHP library to download payloads from a remote server and updated them daily.
The researchers were unable to attribute the threat. But the most puzzling thing for them in this story was not the attribution, but how the attackers managed to upload the malware to the Microsoft App Store in the first place.
