A new malicious spam campaign is abusing icon files to trick victims into performing the NanoCore Trojan.
Recently, SpiderLabs at Trustwave said that a new phishing campaign had described a method for spreading NanoCore, a remote access Trojan (RAT).
Furthermore, the emails pretend to be from a ‘Purchase Manager’ of businesses tricked like legal business partners. These phishing messages include an attachment named “NEW PURCHASE ORDER.pdf*.zipx,” which are nothing but image binary files.
Additionally, the icons have information attached to them in a. RAR format. By using an icon file, it’s easy for fraudsters to avoid protections and security offered by email gateways.
To Read More: ZDNet