Security News > 2023 > January > Hackers now use Microsoft OneNote attachments to spread malware
Threat actors now use OneNote attachments in phishing emails that infect victims with remote access malware which can be used to install further malware, steal passwords, or even cryptocurrency wallets.
This comes after attackers have been distributing malware in emails using malicious Word and Excel attachments that launch macros to download and install malware for years.
Not to be deterred, threat actors quickly switched to using a new file format in their malicious spam attachments: Microsoft OneNote attachments.
As Microsoft OneNote is installed by default in all Microsoft Office/365 installations, even if a Windows user does not use the application, it is still available to open the file format.
The attachments look like a file's icon in OneNote, so the threat actors overlay a big 'Double click to view file' bar over the inserted VBS attachments to hide them.
Cybersecurity researcher James confirmed this, telling BleepingComputer that the OneNote attachments he analyzed installed the AsyncRAT and XWorm remote access trojans.
News URL
Related news
- Chinese Hackers Target Linux Systems Using SNOWLIGHT Malware and VShell Tool (source)
- State-Sponsored Hackers Weaponize ClickFix Tactic in Targeted Malware Campaigns (source)
- Chinese hackers target Russian govt with upgraded RAT malware (source)
- Hackers Abuse Russian Bulletproof Host Proton66 for Global Attacks and Malware Delivery (source)
- Russian Hackers Exploit Microsoft OAuth to Target Ukraine Allies via Signal and WhatsApp (source)
- Iran-Linked Hackers Target Israel with MURKYTOUR Malware via Fake Job Campaign (source)
- Hackers abuse OAuth 2.0 workflows to hijack Microsoft 365 accounts (source)
- North Korean Hackers Spread Malware via Fake Crypto Firms and Job Interview Lures (source)
- Iranian Hackers Maintain 2-Year Access to Middle East CNI via VPN Flaws and Malware (source)
- Russian Hackers Using ClickFix Fake CAPTCHA to Deploy New LOSTKEYS Malware (source)