Security researchers analyzing malicious spam campaigns noticed an increase in delivering malware in disk image file formats, ISO being the most prevalent. ISO is more popular and easier to unpack than other formats that require proprietary software to mount. Trustwave believes that cybercriminals have started to experiment more with disk image archives to conceal their malware in a way that slips past security solutions. The most popular threats delivered this way are remote access tools (NanoCore, Remcos) and LokiBot information stealer.
Source: https://www.bleepingcomputer.com/news/security/uptick-seen-in-iso-email-attachments-delivering-malware/