A new outbreak of malicious spam is attempting to trick users with warnings of 'nuclear explosions' in nearby regions.

Security firm Sophos found the attacks circulating in the UK and Australia, while users have also reported a version of the spam localised for Canada.

The UK version of the message claims that the explosion occurred at a "UK nuclear power station located in the suburbs of London" at roughly 3pm on 9 September.

The message then goes on to claim that the incident is being covered up and that photos of the victims' bodies are in the attached file.

When the user opens the 'victims. zip' file, a malware infection is launched. Among the malicious payload is spyware and data-stealing malware.

Sophos senior technology consultant Graham Cluley said in a company blog posting that, in addition to updated software and antivirus protection, users should follow best practice of not opening suspicious attachments.

"Rather than use a real-life event, the hackers have turned to fictional explosions and conspiracy theories in the hope they will strike a nerve with potential victims who will then click on the attachment without a second thought," he wrote.

"Alarm bells should be sounding, but until everyone wakes up to these social engineering tactics the cyber-criminals will continue to use them."

Fabricating news stores is becoming an increasingly common tactic for distributing malware. Earlier this year, a high-profile spam run centered around stories of the US launching an attack on Iran.

The infamous Storm worm also made use of fake news. The malware botnet attempted to lure in new victims through reports of earthquakes in Paris and the kidnapping of Donald Trump.