Security News > 2023 > January > Hackers now use Microsoft OneNote attachments to spread malware
Threat actors now use OneNote attachments in phishing emails that infect victims with remote access malware which can be used to install further malware, steal passwords, or even cryptocurrency wallets.
This comes after attackers have been distributing malware in emails using malicious Word and Excel attachments that launch macros to download and install malware for years.
Not to be deterred, threat actors quickly switched to using a new file format in their malicious spam attachments: Microsoft OneNote attachments.
As Microsoft OneNote is installed by default in all Microsoft Office/365 installations, even if a Windows user does not use the application, it is still available to open the file format.
The attachments look like a file's icon in OneNote, so the threat actors overlay a big 'Double click to view file' bar over the inserted VBS attachments to hide them.
Cybersecurity researcher James confirmed this, telling BleepingComputer that the OneNote attachments he analyzed installed the AsyncRAT and XWorm remote access trojans.
News URL
Related news
- FIN7 hackers launch deepfake nude “generator” sites to spread malware (source)
- Microsoft and DOJ disrupt Russian FSB hackers' attack infrastructure (source)
- N. Korean Hackers Use Fake Interviews to Infect Developers with Cross-Platform Malware (source)
- Microsoft: Chinese hackers use Quad7 botnet to steal credentials (source)
- VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware (source)
- North Korean Hackers Target Crypto Firms with Hidden Risk Malware on macOS (source)
- North Korean hackers use new macOS malware against crypto firms (source)
- Unpatched Mazda Connect bugs let hackers install persistent malware (source)
- North Korean Hackers Target macOS Using Flutter-Embedded Malware (source)
- Iranian Hackers Use "Dream Job" Lures to Deploy SnailResin Malware in Aerospace Attacks (source)