Malspam Campaigns Using IQY Attachments to Bypass AV Filters and Install RATs

Discussion in '0-day Release' started by silversurfer, Jun 8, 2018.

  1. silversurfer (Malware Tester, Silver Member)

    Malspam campaigns, such as ones being distributed by Necurs, are utilizing a new attachment type that is doing a good job in bypassing antivirus and mail filters. These IQY attachments are called Excel Web Query files and when opened will attempt to pull data from external sources.

    The problem is that the external data being imported by the spreadsheet can also be a formula that will be executed by Excel. These formulas can then be used to locally launch PowerShell scripts that download and install malware onto the computer, which is explained later in the article.

    According to a report by Barkly, there have been three spam campaigns utilizing IQY attachments. The first one was discovered on May 25th by MyOnlineSecurity where he reported how well they were bypassing AV filters. A second campaign was discovered by security researcher Magni R. Sigurdsson, and a third campaign was discovered again by MyOnlineSecurity today.

    Full Article:
    Der.Reisende and RGiskardR like this.
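
A mail-filter style check for the attachment type described in the post above, as an added example that is not part of the original post or the article it quotes. It flags attachments by `.iqy` extension and by content, so a renamed file is still caught. The `WEB` / `1` / URL layout test, the function names and the sample message are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage
from urllib.parse import urlparse

def parse_iqy(text):
    """Return the query URL if text looks like an Excel Web Query, else None."""
    lines = [ln.strip() for ln in text.lstrip("\ufeff").splitlines() if ln.strip()]
    # Assumed layout: type line "WEB", version line "1", then the URL Excel fetches.
    if len(lines) >= 3 and lines[0].upper() == "WEB" and lines[1] == "1":
        return lines[2]
    return None

def scan_message(raw_bytes):
    """Report every attachment that is named .iqy or parses as a web query."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        url = parse_iqy(payload.decode("utf-8", errors="replace"))
        ext_match = name.lower().endswith(".iqy")
        if ext_match or url:
            findings.append({
                "filename": name,
                "ext_match": ext_match,  # matched on file name
                "url": url,              # matched on content
                "host": urlparse(url).hostname if url else None,
            })
    return findings

def build_sample():
    """Constructed sample message: one .iqy, one renamed web query, one benign file."""
    msg = EmailMessage()
    msg["Subject"] = "Unpaid invoice (constructed sample)"
    msg.set_content("Please see attached.")
    query = "WEB\r\n1\r\nhttp://example.invalid/data.dat\r\n"
    msg.add_attachment(query.encode(), maintype="application",
                       subtype="octet-stream", filename="invoice.iqy")
    msg.add_attachment(query, filename="report.txt")
    msg.add_attachment(b"%PDF-1.4 constructed", maintype="application",
                       subtype="pdf", filename="notes.pdf")
    return msg.as_bytes()

if __name__ == "__main__":
    for finding in scan_message(build_sample()):
        print(finding)
```

The extracted host can be passed to a quarantine or URL-reputation step; the benign PDF in the sample is not reported.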