New Attack Uses Fake Icon To Deliver Trojan

Healthcare Info Security

Akshaya Asokan

A new malspam campaign is delivering the NanoCore remote access Trojan as a malicious Adobe icon to infect its victims, a new report by security firm Trustwave finds.

The campaign begins with the attackers sending an email with an attachment called "NEW PURCHASE ORDER.pdf*.zipx." The attachment is an Abobe image file in RAR format, which, when unzipped using WinRAR or 72ip, downloads the NanoCore Trojan onto the victims' device.

"The motive behind the campaign is to hide the malicious executable from anti-malware and email scanners by abusing the file format of the ".zipx" attachment, which in this case is an Icon file with added surprises," the report notes.

NanoCore Capabilities
NanoCore RAT, also known as Nancrat, has been...

Get the Morning Update

Thanks for subscribing!