Malspam campaign uses icon files to delivers NanoCore RAT


malspam icon files

Researchers at Trustwave have spoted a new malspam campaign that is abusing icon files to trick victims into executing the NanoCore remote access Trojan. 

The emails use a .zipx file attachment, a .zipx file is a ZIP archive compressed using the most recent compression methods of the WinZip archiver to provide optimal results. 

The messages claim to be from a “Purchase Manager” of organizations that are being spoofed by attackers, they use an attachment named “NEW PURCHASE ORDER.pdf*.zipx” which is actually an image binary file.

Read more…