Multiple malicious campaigns observed in April concealed LokiBot and Nanocore malware inside ISO image files small enough to fit into an email attachment. Security researchers discovered 10 variants of this type of campaign, with variations in the ISO images and messages delivered to potential victims. The endeavors appear to follow the “spray and pray”” principle as they did not target specific individuals or businesses. Both threats are regularly seen in business email compromise (BEC) scams from Nigerian attackers that researchers at Palo Alto Networks dubbed SilverTerrier.”
Source: https://www.bleepingcomputer.com/news/security/malspam-campaigns-hide-infostealers-in-iso-image-files/