The file "AmarettoOverprice.7z" is a compressed archive that surfaced as part of a significant cybersecurity incident in early 2026. This file is distributed via a trojanized version of the legitimate 7-Zip software.

The Trojanized Installer Scheme

In early 2026, researchers from Malwarebytes identified a sophisticated "typosquatting" or lookalike website (7zip[.]com) that mimicked the official 7-Zip site. Users who downloaded the software from this fake domain received an installer that functioned correctly but silently dropped harmful files, including "AmarettoOverprice.7z," onto their systems.

Technical Composition and Behavior

The archive typically contains several Go-compiled binaries. According to analysis from IBM X-Force, once extracted or executed by the initial dropper, these files perform several covert actions:

The malware manipulates Windows Firewall settings and installs new services to ensure it remains active even after a system reboot.