QakBot (also known as PinkSlip) relies on exploit kits and spam campaigns to target unsuspecting webmail users. A successful attack activates a JavaScript dropper, which delays its execution on the off chance it’s landed in a sandbox environment.
Read full news article on Graham Cluley