Phishing campaigns delivering malware such as DarkGate and PikaBot are using tactics similar to those previously seen in attacks involving the QakBot trojan. These tactics include hijacked email threads as the initial infection vector, URLs with unique patterns, and an infection chain similar to the one used for QakBot delivery. DarkGate and PikaBot are attractive options for cybercriminals because they can deliver additional payloads to compromised hosts. DarkGate uses advanced techniques to evade antivirus systems and can log keystrokes, execute PowerShell, and implement a reverse shell for remote control. The phishing campaign targets a wide range of sectors and uses booby-trapped URLs in hijacked email threads to propagate the attack. The attacks can lead to the delivery of various malicious files, such as crypto mining software, reconnaissance tools, or ransomware.