{"id":12944,"date":"2023-01-22T02:04:44","date_gmt":"2023-01-22T07:04:44","guid":{"rendered":"http:\/\/local.brightwhiz\/?p=12944"},"modified":"2023-01-24T02:22:15","modified_gmt":"2023-01-24T07:22:15","slug":"hackers-using-microsoft-onenote-attachments-to-spread-malware","status":"publish","type":"post","link":"http:\/\/local.brightwhiz\/hackers-using-microsoft-onenote-attachments-to-spread-malware\/","title":{"rendered":"Hackers using Microsoft OneNote attachments to Spread Malware"},"content":{"rendered":"\n<p>Hackers now using Microsoft OneNote attachments to infect victims&#8217; computers with malware. These attacks come as attachments in phishing emails. This malware can then be used to download and install other <a href=\"http:\/\/local.brightwhiz\/tag\/malware\">malware<\/a> which can be used as ransomware, steal passwords, bank details, personal details, cryptocurrency wallets, and much more.<\/p>\n\n\n\n<p>For many years, attackers have been using phishing emails to distribute malicious Word and Excel attachments that launch macros to download and install malware. The problem for these threat actors was back in July, 2022, <a href=\"http:\/\/local.brightwhiz\/tag\/microsoft\">Microsoft<\/a> disabled macros by default in <a href=\"http:\/\/local.brightwhiz\/tag\/office\">Office<\/a> documents, making distributing malware using this method unreliable.<\/p>\n\n\n\n<p>More recently, other file formats that have been used to distribute malware. Some notable examples include ISO images and password-protected ZIP files. These methods were quite desirable because of the Windows bug allowing ISOs to bypass security warnings as well as the popular 7-Zip archive utility not propagating mark-of-the-web flags to files extracted from ZIP archives. It is good to note that both of these bugs have been fixed.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Spreading Malware With Microsoft OneNote Attachments<\/h2>\n\n\n\n<p>Microsoft OneNote is installed by default in all Microsoft Office and Micrsoft 365 installations. This means that the program is still available to open the OneNote file format even if the Windows user does not use the application. Microsoft OneNote is a free digital notebook application and is included in Microsoft Office 2019 and Microsoft 365.<\/p>\n\n\n\n<p><a href=\"https:\/\/www.trustwave.com\/en-us\/resources\/blogs\/spiderlabs-blog\/trojanized-onenote-document-leads-to-formbook-malware\/\" target=\"_blank\" rel=\"noreferrer noopener\">Cybersecurity researchers started warning<\/a> about distribution of malicious spam emails containing OneNote attachments.<\/p>\n\n\n\n<p>OneNote requires that the user dowble-clicks the attachment since it does not support Macros the way Excel and Word do. These attachments are VBS attachments that are used to download further malware from a remote site and install it.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Keeping Safe From Malware<\/h2>\n\n\n\n<p>The best way to protect yourself from malicious OneNote attachments is to not open files from people you do not know. If you mistakenly open a file, heed to the warnings displayed by the operating system or application.<\/p>\n\n\n\n<p>If in doubt share your concerns with your office administrator for further help.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Hackers now using Microsoft OneNote attachments to infect victims&#8217; computers with malware. These attacks come as attachments in phishing emails. This malware can then be used to download and install&#8230;<\/p>\n","protected":false},"author":1,"featured_media":12945,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[13,28,16,18],"tags":[62,364,379,1249,526,542,591,646],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.3 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Hackers Using Microsoft OneNote attachments to Spread Malware<\/title>\n<meta name=\"description\" content=\"Hackers using Microsoft OneNote attachments to spread with malware in phishing emails to steal passwords and much more.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"http:\/\/local.brightwhiz\/hackers-using-microsoft-onenote-attachments-to-spread-malware\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Hackers Using Microsoft OneNote attachments to Spread Malware\" \/>\n<meta property=\"og:description\" content=\"Hackers using Microsoft OneNote attachments to spread with malware in phishing emails to steal passwords and much more.\" \/>\n<meta property=\"og:url\" content=\"http:\/\/local.brightwhiz\/hackers-using-microsoft-onenote-attachments-to-spread-malware\/\" \/>\n<meta property=\"og:site_name\" content=\"Brightwhiz.com\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/brightwhiz\/\" \/>\n<meta property=\"article:published_time\" content=\"2023-01-22T07:04:44+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-01-24T07:22:15+00:00\" \/>\n<meta property=\"og:image\" content=\"http:\/\/local.brightwhiz\/wp-content\/uploads\/2023\/01\/OneNote-attachments-malware.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1280\" \/>\n\t<meta property=\"og:image:height\" content=\"680\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Michael Bright\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@brightwhizmag\" \/>\n<meta name=\"twitter:site\" content=\"@brightwhizmag\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Michael Bright\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"http:\/\/local.brightwhiz\/hackers-using-microsoft-onenote-attachments-to-spread-malware\/#article\",\"isPartOf\":{\"@id\":\"http:\/\/local.brightwhiz\/hackers-using-microsoft-onenote-attachments-to-spread-malware\/\"},\"author\":{\"name\":\"Michael Bright\",\"@id\":\"http:\/\/local.brightwhiz\/#\/schema\/person\/81f0f3126f13834ae2e7f381b3028e32\"},\"headline\":\"Hackers using Microsoft OneNote attachments to Spread Malware\",\"datePublished\":\"2023-01-22T07:04:44+00:00\",\"dateModified\":\"2023-01-24T07:22:15+00:00\",\"mainEntityOfPage\":{\"@id\":\"http:\/\/local.brightwhiz\/hackers-using-microsoft-onenote-attachments-to-spread-malware\/\"},\"wordCount\":341,\"commentCount\":0,\"publisher\":{\"@id\":\"http:\/\/local.brightwhiz\/#organization\"},\"image\":{\"@id\":\"http:\/\/local.brightwhiz\/hackers-using-microsoft-onenote-attachments-to-spread-malware\/#primaryimage\"},\"thumbnailUrl\":\"http:\/\/local.brightwhiz\/wp-content\/uploads\/2023\/01\/OneNote-attachments-malware.jpg\",\"keywords\":[\"Applications\",\"Malware\",\"Microsoft\",\"Office\",\"Security\",\"Software\",\"Tools\",\"Windows\"],\"articleSection\":[\"News\",\"Software\",\"Technology\",\"Tools\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"http:\/\/local.brightwhiz\/hackers-using-microsoft-onenote-attachments-to-spread-malware\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"http:\/\/local.brightwhiz\/hackers-using-microsoft-onenote-attachments-to-spread-malware\/\",\"url\":\"http:\/\/local.brightwhiz\/hackers-using-microsoft-onenote-attachments-to-spread-malware\/\",\"name\":\"Hackers Using Microsoft OneNote attachments to Spread Malware\",\"isPartOf\":{\"@id\":\"http:\/\/local.brightwhiz\/#website\"},\"primaryImageOfPage\":{\"@id\":\"http:\/\/local.brightwhiz\/hackers-using-microsoft-onenote-attachments-to-spread-malware\/#primaryimage\"},\"image\":{\"@id\":\"http:\/\/local.brightwhiz\/hackers-using-microsoft-onenote-attachments-to-spread-malware\/#primaryimage\"},\"thumbnailUrl\":\"http:\/\/local.brightwhiz\/wp-content\/uploads\/2023\/01\/OneNote-attachments-malware.jpg\",\"datePublished\":\"2023-01-22T07:04:44+00:00\",\"dateModified\":\"2023-01-24T07:22:15+00:00\",\"description\":\"Hackers using Microsoft OneNote attachments to spread with malware in phishing emails to steal passwords and much more.\",\"breadcrumb\":{\"@id\":\"http:\/\/local.brightwhiz\/hackers-using-microsoft-onenote-attachments-to-spread-malware\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"http:\/\/local.brightwhiz\/hackers-using-microsoft-onenote-attachments-to-spread-malware\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"http:\/\/local.brightwhiz\/hackers-using-microsoft-onenote-attachments-to-spread-malware\/#primaryimage\",\"url\":\"http:\/\/local.brightwhiz\/wp-content\/uploads\/2023\/01\/OneNote-attachments-malware.jpg\",\"contentUrl\":\"http:\/\/local.brightwhiz\/wp-content\/uploads\/2023\/01\/OneNote-attachments-malware.jpg\",\"width\":1280,\"height\":680,\"caption\":\"OneNote attachments malware\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"http:\/\/local.brightwhiz\/hackers-using-microsoft-onenote-attachments-to-spread-malware\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"http:\/\/local.brightwhiz\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Hackers using Microsoft OneNote attachments to Spread Malware\"}]},{\"@type\":\"WebSite\",\"@id\":\"http:\/\/local.brightwhiz\/#website\",\"url\":\"http:\/\/local.brightwhiz\/\",\"name\":\"Brightwhiz.com\",\"description\":\"Best Tech guides, Tutorials, and News\",\"publisher\":{\"@id\":\"http:\/\/local.brightwhiz\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"http:\/\/local.brightwhiz\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"http:\/\/local.brightwhiz\/#organization\",\"name\":\"Brightwhiz\",\"url\":\"http:\/\/local.brightwhiz\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"http:\/\/local.brightwhiz\/#\/schema\/logo\/image\/\",\"url\":\"http:\/\/local.brightwhiz\/wp-content\/uploads\/2021\/11\/brightwhiz-com-logo-orange.png\",\"contentUrl\":\"http:\/\/local.brightwhiz\/wp-content\/uploads\/2021\/11\/brightwhiz-com-logo-orange.png\",\"width\":706,\"height\":135,\"caption\":\"Brightwhiz\"},\"image\":{\"@id\":\"http:\/\/local.brightwhiz\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/brightwhiz\/\",\"https:\/\/twitter.com\/brightwhizmag\",\"https:\/\/instagram.com\/bright_whiz\/\",\"https:\/\/www.pinterest.com\/sobbayi\/\",\"https:\/\/www.youtube.com\/channel\/UC6sCdP_d_RiTIM7ErFT-PSQ\"]},{\"@type\":\"Person\",\"@id\":\"http:\/\/local.brightwhiz\/#\/schema\/person\/81f0f3126f13834ae2e7f381b3028e32\",\"name\":\"Michael Bright\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"http:\/\/local.brightwhiz\/#\/schema\/person\/image\/\",\"url\":\"http:\/\/1.gravatar.com\/avatar\/da90485875ff0aafa38fdd494abe87d1?s=96&d=mm&r=g\",\"contentUrl\":\"http:\/\/1.gravatar.com\/avatar\/da90485875ff0aafa38fdd494abe87d1?s=96&d=mm&r=g\",\"caption\":\"Michael Bright\"},\"sameAs\":[\"https:\/\/sobbayi.com\"],\"url\":\"http:\/\/local.brightwhiz\/author\/sobbayiadmin\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Hackers Using Microsoft OneNote attachments to Spread Malware","description":"Hackers using Microsoft OneNote attachments to spread with malware in phishing emails to steal passwords and much more.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/local.brightwhiz\/hackers-using-microsoft-onenote-attachments-to-spread-malware\/","og_locale":"en_US","og_type":"article","og_title":"Hackers Using Microsoft OneNote attachments to Spread Malware","og_description":"Hackers using Microsoft OneNote attachments to spread with malware in phishing emails to steal passwords and much more.","og_url":"http:\/\/local.brightwhiz\/hackers-using-microsoft-onenote-attachments-to-spread-malware\/","og_site_name":"Brightwhiz.com","article_publisher":"https:\/\/www.facebook.com\/brightwhiz\/","article_published_time":"2023-01-22T07:04:44+00:00","article_modified_time":"2023-01-24T07:22:15+00:00","og_image":[{"width":1280,"height":680,"url":"http:\/\/local.brightwhiz\/wp-content\/uploads\/2023\/01\/OneNote-attachments-malware.jpg","type":"image\/jpeg"}],"author":"Michael Bright","twitter_card":"summary_large_image","twitter_creator":"@brightwhizmag","twitter_site":"@brightwhizmag","twitter_misc":{"Written by":"Michael Bright","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"http:\/\/local.brightwhiz\/hackers-using-microsoft-onenote-attachments-to-spread-malware\/#article","isPartOf":{"@id":"http:\/\/local.brightwhiz\/hackers-using-microsoft-onenote-attachments-to-spread-malware\/"},"author":{"name":"Michael Bright","@id":"http:\/\/local.brightwhiz\/#\/schema\/person\/81f0f3126f13834ae2e7f381b3028e32"},"headline":"Hackers using Microsoft OneNote attachments to Spread Malware","datePublished":"2023-01-22T07:04:44+00:00","dateModified":"2023-01-24T07:22:15+00:00","mainEntityOfPage":{"@id":"http:\/\/local.brightwhiz\/hackers-using-microsoft-onenote-attachments-to-spread-malware\/"},"wordCount":341,"commentCount":0,"publisher":{"@id":"http:\/\/local.brightwhiz\/#organization"},"image":{"@id":"http:\/\/local.brightwhiz\/hackers-using-microsoft-onenote-attachments-to-spread-malware\/#primaryimage"},"thumbnailUrl":"http:\/\/local.brightwhiz\/wp-content\/uploads\/2023\/01\/OneNote-attachments-malware.jpg","keywords":["Applications","Malware","Microsoft","Office","Security","Software","Tools","Windows"],"articleSection":["News","Software","Technology","Tools"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["http:\/\/local.brightwhiz\/hackers-using-microsoft-onenote-attachments-to-spread-malware\/#respond"]}]},{"@type":"WebPage","@id":"http:\/\/local.brightwhiz\/hackers-using-microsoft-onenote-attachments-to-spread-malware\/","url":"http:\/\/local.brightwhiz\/hackers-using-microsoft-onenote-attachments-to-spread-malware\/","name":"Hackers Using Microsoft OneNote attachments to Spread Malware","isPartOf":{"@id":"http:\/\/local.brightwhiz\/#website"},"primaryImageOfPage":{"@id":"http:\/\/local.brightwhiz\/hackers-using-microsoft-onenote-attachments-to-spread-malware\/#primaryimage"},"image":{"@id":"http:\/\/local.brightwhiz\/hackers-using-microsoft-onenote-attachments-to-spread-malware\/#primaryimage"},"thumbnailUrl":"http:\/\/local.brightwhiz\/wp-content\/uploads\/2023\/01\/OneNote-attachments-malware.jpg","datePublished":"2023-01-22T07:04:44+00:00","dateModified":"2023-01-24T07:22:15+00:00","description":"Hackers using Microsoft OneNote attachments to spread with malware in phishing emails to steal passwords and much more.","breadcrumb":{"@id":"http:\/\/local.brightwhiz\/hackers-using-microsoft-onenote-attachments-to-spread-malware\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["http:\/\/local.brightwhiz\/hackers-using-microsoft-onenote-attachments-to-spread-malware\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"http:\/\/local.brightwhiz\/hackers-using-microsoft-onenote-attachments-to-spread-malware\/#primaryimage","url":"http:\/\/local.brightwhiz\/wp-content\/uploads\/2023\/01\/OneNote-attachments-malware.jpg","contentUrl":"http:\/\/local.brightwhiz\/wp-content\/uploads\/2023\/01\/OneNote-attachments-malware.jpg","width":1280,"height":680,"caption":"OneNote attachments malware"},{"@type":"BreadcrumbList","@id":"http:\/\/local.brightwhiz\/hackers-using-microsoft-onenote-attachments-to-spread-malware\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"http:\/\/local.brightwhiz\/"},{"@type":"ListItem","position":2,"name":"Hackers using Microsoft OneNote attachments to Spread Malware"}]},{"@type":"WebSite","@id":"http:\/\/local.brightwhiz\/#website","url":"http:\/\/local.brightwhiz\/","name":"Brightwhiz.com","description":"Best Tech guides, Tutorials, and News","publisher":{"@id":"http:\/\/local.brightwhiz\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/local.brightwhiz\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"http:\/\/local.brightwhiz\/#organization","name":"Brightwhiz","url":"http:\/\/local.brightwhiz\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"http:\/\/local.brightwhiz\/#\/schema\/logo\/image\/","url":"http:\/\/local.brightwhiz\/wp-content\/uploads\/2021\/11\/brightwhiz-com-logo-orange.png","contentUrl":"http:\/\/local.brightwhiz\/wp-content\/uploads\/2021\/11\/brightwhiz-com-logo-orange.png","width":706,"height":135,"caption":"Brightwhiz"},"image":{"@id":"http:\/\/local.brightwhiz\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/brightwhiz\/","https:\/\/twitter.com\/brightwhizmag","https:\/\/instagram.com\/bright_whiz\/","https:\/\/www.pinterest.com\/sobbayi\/","https:\/\/www.youtube.com\/channel\/UC6sCdP_d_RiTIM7ErFT-PSQ"]},{"@type":"Person","@id":"http:\/\/local.brightwhiz\/#\/schema\/person\/81f0f3126f13834ae2e7f381b3028e32","name":"Michael Bright","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"http:\/\/local.brightwhiz\/#\/schema\/person\/image\/","url":"http:\/\/1.gravatar.com\/avatar\/da90485875ff0aafa38fdd494abe87d1?s=96&d=mm&r=g","contentUrl":"http:\/\/1.gravatar.com\/avatar\/da90485875ff0aafa38fdd494abe87d1?s=96&d=mm&r=g","caption":"Michael Bright"},"sameAs":["https:\/\/sobbayi.com"],"url":"http:\/\/local.brightwhiz\/author\/sobbayiadmin\/"}]}},"_links":{"self":[{"href":"http:\/\/local.brightwhiz\/wp-json\/wp\/v2\/posts\/12944"}],"collection":[{"href":"http:\/\/local.brightwhiz\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/local.brightwhiz\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/local.brightwhiz\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/local.brightwhiz\/wp-json\/wp\/v2\/comments?post=12944"}],"version-history":[{"count":0,"href":"http:\/\/local.brightwhiz\/wp-json\/wp\/v2\/posts\/12944\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"http:\/\/local.brightwhiz\/wp-json\/wp\/v2\/media\/12945"}],"wp:attachment":[{"href":"http:\/\/local.brightwhiz\/wp-json\/wp\/v2\/media?parent=12944"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/local.brightwhiz\/wp-json\/wp\/v2\/categories?post=12944"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/local.brightwhiz\/wp-json\/wp\/v2\/tags?post=12944"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}