It's been a summer of experimentation for attackers leveraging the Necurs botnet. In late May and early June, large waves of Necurs-distributed spam emails were spotted carrying malicious Excel Web Query (.iqy) files. These legitimate, deceptively simple files blew right past email filters and antivirus scanners on their way to infecting victims with a second-stage payload (the FlawedAmmyy RAT).
Article Link: https://blog.barkly.com/wiz-file-malware-necurs-campaign