Security News > 2023 > January > Hackers now use Microsoft OneNote attachments to spread malware
Threat actors now use OneNote attachments in phishing emails that infect victims with remote access malware which can be used to install further malware, steal passwords, or even cryptocurrency wallets.
This comes after attackers have been distributing malware in emails using malicious Word and Excel attachments that launch macros to download and install malware for years.
Not to be deterred, threat actors quickly switched to using a new file format in their malicious spam attachments: Microsoft OneNote attachments.
As Microsoft OneNote is installed by default in all Microsoft Office/365 installations, even if a Windows user does not use the application, it is still available to open the file format.
The attachments look like a file's icon in OneNote, so the threat actors overlay a big 'Double click to view file' bar over the inserted VBS attachments to hide them.
Cybersecurity researcher James confirmed this, telling BleepingComputer that the OneNote attachments he analyzed installed the AsyncRAT and XWorm remote access trojans.
News URL
Related news
- Hackers weaponize Microsoft Visual Studio add-ins to push malware (source)
- Hackers backdoor Microsoft IIS servers with new Frebniis malware (source)
- Chinese Hackers Utilize Golang Malware in DragonSpark Attacks to Evade Detection (source)
- Hackers Abused Microsoft's "Verified Publisher" OAuth Apps to Breach Corporate Email Accounts (source)
- Hackers use new IceBreaker malware to breach gaming companies (source)
- Post-Macro World Sees Rise in Microsoft OneNote Documents Delivering Malware (source)
- New QakNote attacks push QBot malware via Microsoft OneNote files (source)
- Russian Hackers Using Graphiron Malware to Steal Data from Ukraine (source)
- Hacker develops new 'Screenshotter' malware to find high-value targets (source)
- Hackers use fake crypto job offers to push info-stealing malware (source)