QakBot (also known as PinkSlip) relies on exploit kits and spam campaigns to target unsuspecting webmail users. A successful attack activates a JavaScript dropper, which delays its execution on the off chance it’s landed in a sandbox environment.

Read full news article on Graham Cluley