I thought they already moved on to encrypted ZIP archives which can't be extracted by automation since the password to decrypt them is hidden carefully in the text of the message
Surely there comes a point at which the usual tech-illiterate victims of email malware become unable to actually open the payload?