What is the issue - A phishing campaign disguised as delivery emails which are replies to existing email threads, delivers the Qbot trojan.
The big picture
JASK SpecOps security researchers described the delivery mechanism of Qbot trojan.
“The delivery mechanism for this Qbot infection was a phishing campaign where the targeted user received an email containing a link to an online document. Interestingly enough, the delivery email was actually a reply to a pre-existing email thread,” researchers said in a case study.
“The dropper executes a stage two download, which SpecOps diagnosed as Qbot-related due to open source reporting and VirusTotal signature detection,” researchers said.