Following a YouTube tutorial for a new build, they were instructed to download 7‑Zip from 7zip[.]com, unaware that the legitimate project is hosted exclusively at 7-zip.org.
My heart goes out to the poor, unsuspecting new PC owner and at the same time: fuck YouTube tutorials. It’s basically Russian roulette: either the information is solid or you get shit like this. YouTube doesn’t vet videos, nor does it have any interest in doing so, unless profits are somehow involved.
So the threat actors squatted on a similar domain name and sent malicious 7zip installers. namecheap is the registrar for the offending domain, abuse@namecheap.com is the appropriate place to report this crap.
This is why ninite.com is and will always be the correct way to install basic software on a fresh PC
Correction: your central repository (or winget if you’re a win snob
Yes, go ahead and keep telling ordinary people to use a terminal, I’m sure they’ll come around any day now…
I never download apps from other than the official homepage or from sites linked from these. This case is by download 7-Zip from a fake homepage, not from the real one. This can happen when you use a third party download page, even if Ninite is normally a trustworth site.
