A newish (has been seen since 2017 in EU and Brazil) threat that may be hard for some traditional AV tools to detect has been dubbed “Astaroth”. It uses a .LNK link in an email to set itself up using legitimate OS & AV processes. Basic precaution is DON’T click on links in emails unless you are very sure they are genuine.
To read more about this fileless threat (it doesn’t come as a downloadable file) see:
To be clear, the email apparently contains a link to a website that hosts a .LNK file, that you then need to download and run. Don’t click email links!