Researchers tracking Emotet botnet noticed that the malware started to push QakBot banking trojan at an unusually high rate, replacing the longtime TrickBot payload. A string in the malware indicates that this trojan is now the partner of choice for EmOTet. Researchers and system administrators united under the name Cryptolaemus saw today that the threat actor replaced TrickBot distribution across all epochs. All three actors are part of the same Russian-speaking community and have been interacting for a long time.
Source: https://www.bleepingcomputer.com/news/security/emotet-botnet-is-now-heavily-spreading-qakbot-malware/