From securityaffairs.co
![malspam icon files](https://i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2021/03/malspam-icon-files.jpg?resize=606%2C274&ssl=1)
Researchers at Trustwave have spoted a new malspam campaign that is abusing icon files to trick victims into executing the NanoCore remote access Trojan.
The emails use a .zipx file attachment, a .zipx file is a ZIP archive compressed using the most recent compression methods of the WinZip archiver to provide optimal results.
The messages claim to be from a “Purchase Manager” of organizations that are being spoofed by attackers, they use an attachment named “NEW PURCHASE ORDER.pdf*.zipx” which is actually an image binary file.