Microsoft OneNote Attachments Are Used To Spread Malware By Hackers

The warnings about manipulated Word and Excel attachments in emails that spread malicious code must now be supplemented with another format: cybercriminals are increasingly using OneNote to lure victims into the trap.

That’s according to a new analysis. As the online magazine Bleeping Computer reports, cybercriminals have been trying to change their spam campaigns since December.

Hackers are now using Microsoft OneNote attachments to spread malware. OneNote attachments are used in phishing emails that infect victims with remote access malware that can be used to install more malware and steal passwords or cryptocurrency wallets.

Since Microsoft did a good job on security last year and deactivated macros in Office documents by default, Word and Excel attachments are no longer as effective for spreading Trojans and the like. In addition, few users yet consider the possibility that tampered OneNote attachments might be sent to them.

OneNote Attachments Misuse

Microsoft OneNote is a popular digital notebook application that is free and included with Microsoft 365. Since Microsoft OneNote is installed by default in all Microsoft Office/365 installations, the file format can be opened even if a Windows user does not use the application themselves. This is a great advantage for cybercriminals.

Since mid-December, cybersecurity researchers from Trustwave, among others, have been warning that threat actors are spreading malicious spam emails with OneNote attachments. There is now a long list of known emails, including alleged DHL package information or invoices. Unlike Word and Excel, OneNote doesn’t support macros, which threat actors used to launch scripts to install malware. Instead, buttons are inserted into the notebooks themselves, which launch the malicious attachment when double-clicked. This launches a script that downloads and installs malware.

Once malware is installed via the script, threat actors can remotely access the device, steal files, harvest browser passwords, and more.
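For defenders, the embedded attachments described above can be found before a user ever opens the notebook. The following is an added example, not code from the article or from the researchers it cites: a mail-triage sketch that finds OneNote attachments in a raw email and counts embedded file objects whose content looks like a script or executable. The GUIDs come from Microsoft's MS-ONESTORE specification; the function names, the prefix list and the sample message are assumptions made for illustration.

```python
import struct, uuid
from email import message_from_bytes, policy
from email.message import EmailMessage

# GUIDs from Microsoft's MS-ONESTORE format specification (little-endian on disk).
ONE_MAGIC = uuid.UUID("7B5C52E4-D88C-4DA7-AEB1-5378D02996D3").bytes_le    # .one file type
FDSO_HEADER = uuid.UUID("BDE316E7-2665-4511-A4C4-8D4D0B7A9EAC").bytes_le  # embedded file start
# Assumed, non-exhaustive prefixes of script/executable content (lower-cased).
RISKY_PREFIXES = (b"mz", b"<job", b"<package", b"<hta", b"<script", b"@echo", b"powershell")

def embedded_files(one_bytes):
    """Yield the bytes of every file object embedded in a OneNote section."""
    pos = one_bytes.find(FDSO_HEADER)
    while pos != -1 and pos + 36 <= len(one_bytes):
        (length,) = struct.unpack_from("<Q", one_bytes, pos + 16)  # cbLength field
        yield one_bytes[pos + 36 : pos + 36 + length]  # skip 4 unused + 8 reserved bytes
        pos = one_bytes.find(FDSO_HEADER, pos + 16)

def is_risky(blob):
    """True when the embedded content starts like a script or executable."""
    return blob[:64].lstrip().lower().startswith(RISKY_PREFIXES)

def triage_email(raw_eml):
    """Return one finding per OneNote attachment in a raw RFC 5322 message."""
    findings = []
    msg = message_from_bytes(raw_eml, policy=policy.default)
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        body = part.get_payload(decode=True) or b""
        if not (body.startswith(ONE_MAGIC) or name.lower().endswith(".one")):
            continue
        blobs = list(embedded_files(body))
        findings.append({"attachment": name, "embedded": len(blobs),
                         "risky": sum(is_risky(b) for b in blobs)})
    return findings

def build_sample_eml():
    """Constructed test message: a fake .one holding an image and a harmless batch stub."""
    def fdso(data):
        return FDSO_HEADER + struct.pack("<QI8x", len(data), 0) + data
    one = ONE_MAGIC + b"\x00" * 32 + fdso(b"\x89PNG\r\n\x1a\n" + b"\x00" * 8) \
        + fdso(b"@echo off\r\nrem constructed placeholder\r\n")
    msg = EmailMessage()
    msg["Subject"] = "Invoice (constructed sample)"
    msg.set_content("See attached.")
    msg.add_attachment(one, maintype="application", subtype="octet-stream",
                       filename="invoice.one")
    return msg.as_bytes()

if __name__ == "__main__":
    print(triage_email(build_sample_eml()))
```

A finding with a non-zero `risky` count is a reasonable trigger for quarantine or analyst review, since ordinary notebooks rarely embed scripts or executables.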

When launching OneNote attachments, Windows warns that this can harm your computer and data and that you should only open attachments from people you know. But these warnings are often ignored and quickly clicked away, so the cybercriminals are currently having a lot of success with their new OneNote tactic.