This crafty email scam smuggles malware behind .zipx files

News
By Joel Khalili
published

Cybercriminals have found a sneaky new way to bypass security filters

compression
(Image credit: Shutterstock / rupadaratan)

Researchers have identified a new email scam that applies a number of crafty techniques to bypass security filters and infect victims with malware.

As described in a blog post from security firm Trustwave, cybercriminals are abusing file compression techniques to smuggle NanoCore malware into inboxes.

By concealing the malicious executable within a .zipx file, the scam operators improve their chances of circumventing security protections. The .zipx file is also dressed up as a PDF, complete with an Adobe Acrobat icon, in a bid to trick the victim into opening the attachment without thinking twice.

Once the .zipx file is unpacked by the recipient, using archive utilities WinRAR or 7zip (interestingly, WinZip fails to extract the executable), the remote access trojan (RAT) infects the device and relays any stolen data to command and control servers.

.zipx email scam

Although the scammers have gone to extreme lengths to conceal the malicious email attachment, the rest of the scam lacks the same level of sophistication.

The sender poses as a purchasing manager in urgent need of services, presumably in an attempt to prey on businesses struggling to survive under the strain of the pandemic. However, the email itself has all the hallmarks of malspam.

There are multiple errors of spelling and grammar, the sentence structure is awkward and the message is addressed to “Sir/Madam” as opposed to a specific recipient. As with many phishing and malspam campaigns, the opportunity offered up by the sender is also too good to be true.

In other words, the email gives the recipient every opportunity to identify the message as a fake.

As ever, to protect against email-based attacks of this kind, users are advised never to download unsolicited attachments from unknown sources, to scrutinize emails for errors that might betray a scam and to protect their machines with a leading antivirus solution.

Joel Khalili
Joel Khalili
News and Features Editor

Joel Khalili is the News and Features Editor at TechRadar Pro, covering cybersecurity, data privacy, cloud, AI, blockchain, internet infrastructure, 5G, data storage and computing. He's responsible for curating our news content, as well as commissioning and producing features on the technologies that are transforming the way the world does business.