Hackers now use Microsoft OneNote attachments to spread malware
Threat actors now use OneNote attachments in phishing emails that infect victims with remote access malware, which can be used to install further malware, steal passwords, or even steal cryptocurrency wallets.
For years, attackers have distributed malware in emails using malicious Word and Excel attachments that launch macros to download and install malware.
Not to be deterred, threat actors quickly switched to using a new file format in their malicious spam attachments: Microsoft OneNote attachments.
As Microsoft OneNote is installed by default in all Microsoft Office/365 installations, even if a Windows user does not use the application, it is still available to open the file format.
The attachments look like a file's icon in OneNote, so the threat actors overlay a big 'Double click to view file' bar over the inserted VBS attachments to hide them.
Cybersecurity researcher James confirmed this, telling BleepingComputer that the OneNote attachments he analyzed installed the AsyncRAT and XWorm remote access trojans.