A phishing campaign dropping the Qbot banking Trojan with the help of delivery emails camouflaging as parts of previous conversations was spotted during late March 2019 by the JASK Special Operations team. Qbot (also known as QakBot and Pinkslipbot) is a quite old yet still active and continuously evolving banking Trojan. The delivery mechanism for this Qbot infection was a phishing process where the targeted user received an email containing a link to an online document. Interestingly enough, the delivery email was actually a reply to a pre-existing email thread.
Source: https://www.bleepingcomputer.com/news/security/qbot-malware-dropped-via-context-aware-phishing-campaign/