Experts observed an increase of the malware spreading using less-known archive types as dropper,in particular ISO image. The spread of threats exploiting ISO image to hide themselves is helped by the Windows functionality, introduced since Windows 8, which allows the user to easily mount this file type through a double-click on it. An interesting attack wave leveraging this technique, especially due to the particular impersonification the attacker was trying: he/they was mimicking an important Italian Manufacturing company. Using our custom tool, we are able to extract information about the high-level techniques fielded by the malware writer to evade analysis.”]
Source: https://securityaffairs.co/wordpress/88109/malware/delphi-wrapper-rats.html

