. https://threatpost.com/malspam-emails-blanket-lokibot-nanocore-malware-with-iso-files/145991/
blog article
A new malicious campaign is spreading LokiBot and NanoCore trojans under the guise of an ISO file claiming to be an invoice. An ongoing spam campaign has been spotted using ISO disk image file attachments to disguise various information-stealing trojans, including LokiBot and NanoCore. Researchers said that they first spotted the malware-laced spam emails being distributed in April 2019. Spam sent to victims claim to be a generic message about an invoice for the victim and include an ISO file as an attachment. In reality, the attachment contains various payloads – including the LokiBot and NanoCore remote access trojan. “Malspam campaign continues to mix and match various new and old techniques to stay relevant,” NetSkope researchers said in a Tuesday analysis. “Choosing an image file as an attachment indicates that they are intending to defeat email filters and scanners who generally whitelist such file types. Researchers did not give further details about the number and type of victims in the campaign, but said that the generic message about an invoice in the initial malspam email “indicates that the spam campaigns are not targeted toward any particular individuals or enterprises. READ MORE