Security News > 2023 > January > Hackers now use Microsoft OneNote attachments to spread malware

Hackers now use Microsoft OneNote attachments to spread malware
2023-01-21 16:15

Threat actors now use OneNote attachments in phishing emails that infect victims with remote access malware which can be used to install further malware, steal passwords, or even cryptocurrency wallets.

This comes after attackers have been distributing malware in emails using malicious Word and Excel attachments that launch macros to download and install malware for years.

Not to be deterred, threat actors quickly switched to using a new file format in their malicious spam attachments: Microsoft OneNote attachments.

As Microsoft OneNote is installed by default in all Microsoft Office/365 installations, even if a Windows user does not use the application, it is still available to open the file format.

The attachments look like a file's icon in OneNote, so the threat actors overlay a big 'Double click to view file' bar over the inserted VBS attachments to hide them.

Cybersecurity researcher James confirmed this, telling BleepingComputer that the OneNote attachments he analyzed installed the AsyncRAT and XWorm remote access trojans.

News URL

Related vendor

Microsoft 633 1023 4981 2707 4020 12731