Security researchers analyzing malicious spam campaigns noticed an increase in delivering malware in disk image file formats, .ISO being the most prevalent.
Acting as an archive-like container, a disk image is typically a clone of a physical drive that can be mounted as a virtual disk to access data on it organized with the same file structure as the original.
Cybercriminals have been using this type of file for years but researchers at Trustwave say they observed an increase in malicious ISO this year.
Among the most popular threats delivered this way are remote access tools (NanoCore, Remcos) and LokiBot information stealer.
... ...