The Necurs botnet is the worlds largest spam botnet, it is composed of millions of infected computers worldwide. Crooks are sending out an email to a potential victim containing an archive file that once unzipped will present a file with the extension of.URL. The extension is associated with Windows shortcut file that opens an URL into a browser, in the campaign it points to a remote script file that downloads and executes a final payload. The abuse of.URL files is a novelty for Necurs operators, according to the researchers.”]
Source: https://securityaffairs.co/wordpress/71837/malware/necurs-evasion-technique.html