Hackers now using Microsoft OneNote attachments to infect victims’ computers with malware. These attacks come as attachments in phishing emails. This malware can then be used to download and install other malware which can be used as ransomware, steal passwords, bank details, personal details, cryptocurrency wallets, and much more.
For many years, attackers have been using phishing emails to distribute malicious Word and Excel attachments that launch macros to download and install malware. The problem for these threat actors was back in July, 2022, Microsoft disabled macros by default in Office documents, making distributing malware using this method unreliable.
More recently, other file formats that have been used to distribute malware. Some notable examples include ISO images and password-protected ZIP files. These methods were quite desirable because of the Windows bug allowing ISOs to bypass security warnings as well as the popular 7-Zip archive utility not propagating mark-of-the-web flags to files extracted from ZIP archives. It is good to note that both of these bugs have been fixed.
Spreading Malware With Microsoft OneNote Attachments
Microsoft OneNote is installed by default in all Microsoft Office and Micrsoft 365 installations. This means that the program is still available to open the OneNote file format even if the Windows user does not use the application. Microsoft OneNote is a free digital notebook application and is included in Microsoft Office 2019 and Microsoft 365.
Cybersecurity researchers started warning about distribution of malicious spam emails containing OneNote attachments.
OneNote requires that the user dowble-clicks the attachment since it does not support Macros the way Excel and Word do. These attachments are VBS attachments that are used to download further malware from a remote site and install it.
Keeping Safe From Malware
The best way to protect yourself from malicious OneNote attachments is to not open files from people you do not know. If you mistakenly open a file, heed to the warnings displayed by the operating system or application.
If in doubt share your concerns with your office administrator for further help.
Found this article interesting? Follow Brightwhiz on Facebook, Twitter, and YouTube to read and watch more content we post.
