From securityaffairs.co
Researchers at Trustwave have spoted a new malspam campaign that is abusing icon files to trick victims into executing the NanoCore remote access Trojan.
The emails use a .zipx file attachment, a .zipx file is a ZIP archive compressed using the most recent compression methods of the WinZip archiver to provide optimal results.
The messages claim to be from a “Purchase Manager” of organizations that are being spoofed by attackers, they use an attachment named “NEW PURCHASE ORDER.pdf*.zipx” which is actually an image binary file.