Trend Micro experts reported the Necurs botnet has been using Internet Query (IQY) files in recent spam campaigns to bypass security protections. Necurs was not active for a long period at the beginning of 2017 and resumed its activity in April when it was observed using a new technique to avoid detection. The campaigns using IQY file attachments feature subject and file names containing terms that refer to sales promotions, offers, and discounts, likely to disguise it as the type of information opened in Excel.”]
Source: https://securityaffairs.co/wordpress/73916/cyber-crime/necurs-iqf-attachments.html