New Flawed AMMYY RAT spam campaign infects victims’ computers

Flawed AMMYY RAT: old threat relying on a new spam campaign

FlawedAMMYY RAT spread malicious content when the victim clicks on the infected email attachment

Malicious actors have been relying on malware on a daily basis for various reasons. However, RATs^[1] have always been considered one of the most dangerous types of malware used by cybercriminals to take control of the computer remotely and infect it with the selected malware.

Flawed AMMYY RAT is considered one of the latest RATs recently discovered spreading with the help of IQY^[2] file attachments. Thanks to this type of attachment, an infected document can bypass anti-virus programs and email filters. The victim is infected once he or she opens an infected document sent via spam. When opened, malicious file connects to a remote site that downloads and installs a modified version of AMMYY Admin.

AMMYY^[3] is a legitimate software used to connect to computer's desktop remotely. At the moment, the app is used by more than 75 million individual and business users worldwide. Because of its nature, the company has already been involved in several campaigns using its name. The same can be said about this type of RAT was already used by cybercriminals in the past. This year, Ammyy was involved in the phone scam^[4] which tricked people into letting scammers connect to their phones.

Previously, software's name was used during a remote Trojan attack.^[5] After the machine was successfully compromised by the attacker, he was able to gain full access to it and steal sensitive data, such as credit card data or other account information. This activity may lead to money loss or even identity theft.

Malware spreads using a new type of files – .iqy

Throughout the years, hackers keep learning new techniques for bypassing anti-spyware and anti-virus tools. This year, researchers discovered a new type of IQY file.^[6] This file is used to bypass AV and infect a system with a Trojan that gives attackers remote access to the affected PC system. This Exel Web Query file (.iqy) is used to download data straight from the internet directly into Excel document. It is said that this strategy is very simple, yet extremely dangerous and powerful because it can be used in campaigns where PowerShell script is launched via Excel.

This year, security experts discovered the first real attack using the .iqy file. It appears that this file has legitimate uses so anti-virus and email filters cannot detect it as malicious or dangerous. The ability to download any data from the web using Excel makes this type of files even more dangerous.

Taking all the security measures to keep your data safe

You should be aware that these attacks are happening every day all over the world and cybercriminals are clever people that modify and adapt every little program used in these malicious campaigns. You as a user can think about essential security measures needed to keep your PC safe.

• Updating your OS, applications, tools, and software is important because it is the first place malware can find vulnerabilities.
• We always remind you not to open suspicious emails or their attachments.
• Back your files occasionally on external sources or the cloud.
• Keep your anti-spyware updated and running.
• Learn about possible threats because knowledge and caution are very important when dealing with cyber infections.