Researchers have identified a new email scam that applies a number of crafty techniques to bypass security filters and infect victims with malware.
As described in a blog post from security firm Trustwave, cybercriminals are abusing file compression techniques to smuggle NanoCore malware into inboxes.
By concealing the malicious executable within a .zipx file, the scam operators improve their chances of circumventing security protections. The .zipx file is also dressed up as a PDF, complete with an Adobe Acrobat icon, in a bid to trick the victim into opening the attachment without thinking twice.
Once the .zipx file is unpacked by the recipient, using archive utilities WinRAR or 7zip (interestingly, WinZip fails to extract the executable), the remote access trojan (RAT) infects the device and relays any stolen data to command and control servers.
.zipx email scam
Although the scammers have gone to extreme lengths to conceal the malicious email attachment, the rest of the scam lacks the same level of sophistication.
The sender poses as a purchasing manager in urgent need of services, presumably in an attempt to prey on businesses struggling to survive under the strain of the pandemic. However, the email itself has all the hallmarks of malspam.
There are multiple errors of spelling and grammar, the sentence structure is awkward and the message is addressed to “Sir/Madam” as opposed to a specific recipient. As with many phishing and malspam campaigns, the opportunity offered up by the sender is also too good to be true.
In other words, the email gives the recipient every opportunity to identify the message as a fake.
As ever, to protect against email-based attacks of this kind, users are advised never to download unsolicited attachments from unknown sources, to scrutinize emails for errors that might betray a scam and to protect their machines with a leading antivirus solution.