Microsoft OneNote Used To Sidestep Phishing Detection

A phishing campaign was recently discovered leveraging OneNote, Microsoft's digital notebook that automatically saves and syncs notes, to bypass detection tools and download malware onto victims' systems.
The attacker was utilizing OneNote as a way to easily experiment with various lures that either delivered the credential-stealing Agent Tesla keylogger or linked to a phishing page - or both.
Over the span of two weeks, researchers said that threat actors swapped out the layout of this OneNote page, cycling between four different templates to deliver a credential phishing portal and unique malware samples.
The use of OneNote also allowed threat actors to slip their phishing attack past traditional defenses set up in environments protected by Microsoft Exchange Online Protection and FireEye enterprise gateways.
Beyond OneNote being hosted on OneDrive, cybercriminals can - and have been found to - leverage a wide array of trusted cloud hosting sources for credential phishing, including documents hosted on Microsoft Sway, Microsoft SharePoint, Google Docs or even Zoho Docs.
News URL
https://threatpost.com/microsoft-onenote-sidestep-phishing-detection/153436/