Wednesday, May 28, 2025
HomeComputer SecurityBeware!! Hackers Now Spreading Dangerous FlawedAmmyy Malware Through PDF & IQY File

Beware!! Hackers Now Spreading Dangerous FlawedAmmyy Malware Through PDF & IQY File

Published on

SIEM as a Service

Follow Us on Google News

Cyber criminals now using IQY Files as a new technique for spreading dangerous FlawedAmmyy malware which is a dangerous backdoor tool that provides remote access to the attacker.

Attacker nowadays using new sophisticated techniques to compromise the targets by evading the security software and keep increasing the compromise success ratio.

Recently attackers using Weaponized Microsoft Publisher File(.pub)Microsoft Word and PDF Documents to deliver the FlawedAmmyy RAT.

- Advertisement - Google News

Unlike previous infection Word document, Script, JAVA files and the current method of infection are used by new IQY file type an Excel Web Query file that is used to download data from the internet.

The targeted FlawedAmmyy malware campaigns have affected the banking sector and automotive industries.

FlawedAmmyy Malware Infection Process

Attackers initially using spam or spear phishing email campaign that contains attached IQY file and PDF file.

A body of the mail content prompt victims to click and open the attached PDF file that drops embedded IQY file.

A script that works along with the PDF file helps to export the IQY files from PDF using a function called “exportDataObject”  and the file export process continue by display a  ‘open file’ dialog box.

According to QuickHeal research, The script inside of the PDF file contains “cName” parameter is a required input and the specific file attachment that will be exported. A nLaunch value of “2” directs acrobat to save the file attachment to a temporary file and then asks the operating system to open it. This is how the code is used to open the attachment file in PDF.

Once user click OK then the file will be opened in  .iqy files that will lead to retrieving the content from the URL in the file but user needs to enable the security checks.

After enabling the security concern checks then IQY file download at %temp% location of victim machine and executed and the PowerShell Process will begin.

Finally, the PowerShell script will download the exe files and execute the backdoor FlawedAmmyy that performs various malicious activities such as let attack allow to remotely control the machine, manages the files, captures the screen.

IoCs

13cc8c748ab6beab2b942a9d04679511

839e9a3ecec7e8f735875ec65f1466e0

47205fbbb191dbcab606007fd7612ba7

61fe083a43cb0c520f38537744f9ac83

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Zscaler to Acquire Red Canary, Enhancing AI-Powered Security Operations

Zscaler, Inc. (NASDAQ: ZS), the global leader in cloud security, has announced a definitive...

251 Malicious IPs Target Cloud-Based Device Exploiting 75 Exposure Points

On May 8, 2025, cybersecurity researchers at GreyNoise detected a highly orchestrated scanning operation...

Threat Actors Weaponizing DCOM to Harvest Credentials on Windows Systems

Threat actors are now leveraging the often-overlooked Component Object Model (COM) and its distributed...

VenomRAT Malware Introduces New Tools for Password Theft and Stealthy Access

A malicious cyber campaign leveraging VenomRAT, a potent Remote Access Trojan (RAT), has been...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

VenomRAT Malware Introduces New Tools for Password Theft and Stealthy Access

A malicious cyber campaign leveraging VenomRAT, a potent Remote Access Trojan (RAT), has been...

Emerging FormBook Malware Threatens Windows Users with Complete System Takeover

A critical cybersecurity threat has surfaced targeting Microsoft Windows users, as detailed in the...

Hackers Exploit Craft CMS Vulnerability to Inject Cryptocurrency Miner Malware

Threat actors have exploited a critical Remote Code Execution (RCE) vulnerability, identified as CVE-2025-32432,...