The QBot banking Trojan operators return with yet another spam wave using the same hijacked email thread technique. The emails come as thread replies, similar to what Emotet does to add legitimacy and make detection harder. They contain zip attachments aptly named ElectionInterference_[8 to 9 digits].zip. The extracted file is an Excel spreadsheet that has been crafted as if it were a secure DocuSign file. Malwarebytes users were already protected against this attack thanks to our Anti-Exploit technology.”]