With .IQY malware being a hot topic in recent months, it comes as no surprise that a new variant has appeared that uses the file-embedding capability of PDFs. Email remains the infection vector. However, instead of the attachment being an .IQY file directly, it is now a .PDF file that contains an .IQY file inside it.

These spammed messages have spoofed From headers and usually carry four random letters in the Subject. The email body includes a signature in which the sender poses as a high-ranking employee of a certain company, which contradicts the email address used to send the email. The attachment uses the current date as its name to pose as a normal file.

But as previously mentioned, the PDF contains an .IQY file inside it. Users should be cautious when encountering suspicious attachments, especially from an unknown source. If possible, PDF readers should never be allowed to open embedded files automatically. This kind of attachment is already detected by Trend Micro products as TROJ_IQWAY.A.
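A mail-gateway style triage check for the attachment type described above, as an added example that is not Trend Micro's detection logic. It flags embedded-file and auto-open names and any embedded file specification ending in .iqy, looking inside Flate-compressed streams and undoing `#XX` name escapes. The flagged-name list, the block rule and the sample bytes are assumptions constructed for this illustration.

```python
import re
import zlib

# Name tokens to flag (a choice made for this example, not a vendor signature).
SUSPICIOUS_NAMES = (b"/EmbeddedFile", b"/Filespec", b"/OpenAction", b"/JavaScript", b"/Launch")
STREAM_RE = re.compile(rb"stream\r?\n(.*?)endstream", re.DOTALL)
# /F or /UF entry of a file specification whose literal string ends in .iqy
IQY_NAME_RE = re.compile(rb"/U?F\s*\(([^)]*\.iqy)\)", re.IGNORECASE)

def decode_name_escapes(data: bytes) -> bytes:
    """Undo #XX escapes in PDF names, e.g. /Embedded#46ile -> /EmbeddedFile."""
    return re.sub(rb"#([0-9A-Fa-f]{2})", lambda m: bytes([int(m.group(1), 16)]), data)

def inflate_streams(data: bytes) -> bytes:
    """Return the contents of every stream that inflates (object streams hide dictionaries)."""
    out = []
    for m in STREAM_RE.finditer(data):
        try:
            out.append(zlib.decompressobj().decompress(m.group(1)))
        except zlib.error:
            continue  # not Flate data, or encoded with another filter
    return b"\n".join(out)

def scan_pdf(data: bytes) -> dict:
    """Report flagged names and embedded .iqy file names found in raw or inflated PDF bytes."""
    view = decode_name_escapes(data + b"\n" + inflate_streams(data))
    names = [n.decode() for n in SUSPICIOUS_NAMES if n in view]
    iqy = [m.decode("latin-1") for m in IQY_NAME_RE.findall(view)]
    auto_open = "/EmbeddedFile" in names and "/OpenAction" in names
    return {"names": names, "iqy_attachments": iqy, "block": bool(iqy) or auto_open}

# Constructed sample: a PDF-like fragment, not a real spam attachment.
OBJSTM = zlib.compress(b"<< /Type /Filespec /F (20180818.iqy) /EF << /F 5 0 R >> >>")
SAMPLE = (b"%PDF-1.5\n1 0 obj << /Type /Catalog /OpenAction 4 0 R >> endobj\n"
          b"3 0 obj << /Type /ObjStm /Filter /FlateDecode >>\nstream\n" + OBJSTM +
          b"\nendstream endobj\n"
          b"5 0 obj << /Type /Embedded#46ile >>\nstream\nplaceholder\nendstream endobj\n")
CLEAN = b"%PDF-1.4\n1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"

if __name__ == "__main__":
    print(scan_pdf(SAMPLE))
    print(scan_pdf(CLEAN))
```

This is a byte-level heuristic: encrypted PDFs and streams using filters other than Flate need a full PDF parser before the same checks can be applied.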

 Spam blocking date/time: August 18, 2018 GMT-8
 TMASE
  • TMASE engine: 8.0
  • TMASE pattern: 038