The Necurs Botnet, DarkHydrus and other threat actors are turning to the inconspicuous files. Microsoft Excel uses a URL embedded into an IQY file attachment to pull data from the internet into a spreadsheet. Because IQY files are not commonly seen, it makes them an attractive target for threat actors to insert malicious URLs into them, which are then executed when a victim opens it. X-Force researchers said they caught over 780,000 spam emails containing the tricky attachments from the Necurs resources in their spam traps.
Source: https://threatpost.com/threat-actors-eyeing-iqy-files-to-peddle-malspam/137279/