The Qbot banking trojan has dropped the ProLock ransomware in favor of the Egregor ransomware who burst into activity in September.
Qbot, otherwise known as QakBot or QuakBot, is Windows malware that steals bank credentials, Windows domain credentials, and provides remote access to threat actors who install ransomware.
Victims usually become infected with Qbot through phishing emails utilizing Excel documents that pretend to be DocSign documents, as shown below.
Read more…
Source: Bleeping Computer