Malware News Beware: Hackers now use OneNote attachments to spread malware

Content source
https://www.bleepingcomputer.com/news/security/beware-hackers-now-use-onenote-attachments-to-spread-malware/
Gandalf_The_Grey

Gandalf_The_Grey

Level 69
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
5,807
Threat actors now use OneNote attachments in phishing emails that infect victims with remote access malware which can be used to install further malware, steal passwords, or even cryptocurrency wallets.

This comes after attackers have been distributing malware in emails using malicious Word and Excel attachments that launch macros to download and install malware for years.

However, in July, Microsoft finally disabled macros by default in Office documents, making this method unreliable for distributing malware.

Soon after, threat actors began utilizing new file formats, such as ISO images and password-protected ZIP files. These file formats soon became extremely common, aided by a Windows bug allowing ISOs to bypass security warnings and the popular 7-Zip archive utility not propagating mark-of-the-web flags to files extracted from ZIP archives.

However, both 7-Zip and Windows recently fixed these bugs causing Windows to display scary security warnings when a user attempts to open files in downloaded ISO and ZIP files.

Not to be deterred, threat actors quickly switched to using a new file format in their malicious spam (malspam) attachments: Microsoft OneNote attachments.
Click to expand...
Protecting against these threats

Once installed, this type of malware allows threat actors to remotely access a victim’s device to steal files, saved browser passwords, take screenshots, and in some cases, even record video using webcams.

Threat actors also commonly use remote access trojans to steal cryptocurrency wallets from victims' devices, making this a costly infection.

The best way to protect yourself from malicious attachments is to simply not open files from people you do not know. However, if you mistakenly open a file, do not disregard warnings displayed by the operating system or application.

If you see a warning that opening an attachment or link could harm your computer or files, simply do not press OK and close the application.

If you feel it may be a legitimate email, share it with a security or Windows admin to help you verify if the file is safe.
Click to expand...
www.bleepingcomputer.com

Hackers now use Microsoft OneNote attachments to spread malware

Threat actors now use OneNote attachments in phishing emails that infect victims with remote access malware which can be used to install further malware, steal passwords, or even cryptocurrency wallets.
www.bleepingcomputer.com www.bleepingcomputer.com
First noticed by @upnorth :
@NoVirusThanks has a post on it
malwaretips.com

Update - Microsoft OneNote (.One File Extension) Attachment Delivers AsyncRAT

Users reported some malicious Microsoft OneNote documents in the past days that lead to AsyncRAT, a remote administration tool used to control and monitor other computers. While it is common to see Microsoft Word, Excel and PowerPoint maldocs distributed via emails, OneNote maldocs are something...
malwaretips.com malwaretips.com
 
  • Like
  • +Reputation
  • Thanks
Reactions: ForgottenSeer 99372, Stopspying, harlan4096 and 6 others
SeriousHoax

SeriousHoax

Level 44
Verified
Top Poster
Well-known
Mar 16, 2019
3,393
I saw this more than a week ago on Twitter. I was thinking to myself, why now? As I started to use OneNote since last month after having multiple syncing issues with Sticky Notes (which Microsoft has already abandoned).
Have to be careful with opening this kind of attachment.
 
  • Like
Reactions: Stopspying, Correlate and Gandalf_The_Grey
Correlate

Correlate

Level 16
Verified
Top Poster
Well-known
May 4, 2019
799

How to prevent Microsoft OneNote files from infecting Windows with malware​

The seemingly innocuous Microsoft OneNote file has become a popular file format used by hackers to spread malware and breach corporate networks. Here's how to block malicious OneNote phishing attachments from infecting Windows.
To give a little background on how we got to Microsoft OneNote files becoming the tool of choice for malware-distributing phishing attacks, we first need to explain how we got here.
Threat actors have been abusing macros in Microsoft Word and Excel documents for years to download and install malware on Windows devices.
Click to expand...
www.bleepingcomputer.com

How to prevent Microsoft OneNote files from infecting Windows with malware

The seemingly innocuous Microsoft OneNote file has become a popular file format used by hackers to spread malware and breach corporate networks. Here's how to block malicious OneNote phishing attachments from infecting Windows.
www.bleepingcomputer.com www.bleepingcomputer.com
 
  • Like
  • +Reputation
Reactions: Andy Ful, Gandalf_The_Grey, harlan4096 and 1 other person

Similar threads

silversurfer
    • Like
    • +Reputation
Malware News Post-Macro World Sees Rise in Microsoft OneNote Documents Delivering Malware
Replies
1
Views
277
Security News
Gandalf_The_Grey
Gandalf_The_Grey
silversurfer
    • Like
    • +Reputation
    • Thanks
Malware News Hackers use fake crypto job offers to push info-stealing malware
Replies
0
Views
117
Security News
silversurfer
silversurfer
Correlate
    • +Reputation
    • Like
    • Wow
Security News Beware: njRAT Malware Has Entered the Discord
Replies
0
Views
223
Security News
Correlate
Correlate

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top