Virtual disk files are locked containers that shield the items inside from online or local security defenses. The trick can help adversaries deliver malware invisibly to a target’s computer. Products that normally detected the malware samples became blind to them. Security researcher JTHL tested a sample of Agent Tesla infostealer in a 7MB-large VHD file and fed it to antivirus scanning platforms. The detection rate was negligible, according to security researchers. Neither Gmail nor Chrome can mount VHD containers, though, to check the files inside.
Source: https://www.bleepingcomputer.com/news/security/virtual-disk-attachments-can-bypass-gmail-and-chrome-security/