Post-Macro World Sees Rise in Microsoft OneNote Documents Delivering Malware

silversurfer

silversurfer

Super Moderator
Thread author
Verified
Top Poster
Staff Member
Malware Hunter
Aug 17, 2014
11,108
Content source
https://thehackernews.com/2023/02/post-macro-world-sees-rise-in-microsoft.html
In a continuing sign that threat actors are adapting well to a post-macro world, it has emerged that the use of Microsoft OneNote documents to deliver malware via phishing attacks is on the rise.

Enterprise security firm Proofpoint said it detected over 50 campaigns leveraging OneNote attachments in the month of January 2023 alone.

In some instances, the email phishing lures contain a OneNote file, which, in turn, embeds an HTA file that invokes a PowerShell script to retrieve a malicious binary from a remote server.

Other scenarios entail the execution of a rogue VBScript that's embedded within the OneNote document and concealed behind an image that appears as a seemingly harmless button. The VBScript, for its part, is designed to drop a PowerShell script to run DOUBLEBACK.

"It is important to note, an attack is only successful if the recipient engages with the attachment, specifically by clicking on the embedded file and ignoring the warning message displayed by OneNote," Proofpoint said.
Click to expand...
thehackernews.com

Post-Macro World Sees Rise in Microsoft OneNote Documents Delivering Malware

Watch out! Microsoft OneNote documents are the latest weapon of choice for cybercriminals to spread malware.
thehackernews.com thehackernews.com
 
  • Like
  • +Reputation
Reactions: Nevi, vtqhtr413, Andy Ful and 4 others
Gandalf_The_Grey

Gandalf_The_Grey

Level 83
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,256
Microsoft OneNote to get enhanced security after recent malware abuse
Microsoft will introduce improved protection against phishing attacks pushing malware via malicious Microsoft OneNote files.

In a new Microsoft 365 roadmap entry published today titled "Microsoft OneNote : improved protection against known high risk phishing file types," the company revealed that this change would likely reach general availability sometime before the end of April 2023.

"We add enhanced protection when users open or download an embedded file in OneNote," Redmond explained.

"Users will receive a notification when the files deem dangerous to improve the file protection experience in OneNote on Windows."

This comes after a recent wave of phishing attacks where threat actors used maliciously crafted OneNote documents with '.one' file extensions and embedded files hidden behind overlays asking the targets to click to view the document.

Double-clicking launches the embedded file, which might seem innocuous but can have severe consequences.

Sadly, even when receiving security warnings, users often ignore them and allow the file to run, potentially putting their entire corporate network at risk.
Click to expand...
www.bleepingcomputer.com

Microsoft OneNote to get enhanced security after recent malware abuse

Microsoft is working on introducing improved protection against phishing attacks pushing malware via malicious Microsoft OneNote files.
www.bleepingcomputer.com www.bleepingcomputer.com
 
  • Like
  • +Reputation
Reactions: Andy Ful, upnorth, Nevi and 1 other person
You must log in or register to reply here.

Similar threads

silversurfer
    • Like
    • +Reputation
New IcedID variants shift from bank fraud to malware delivery
Replies
0
Views
993
News Archive
silversurfer
silversurfer
vtqhtr413
    • +Reputation
    • Like
Stealthy Malware Spreading Remcos RAT and Formbook in Europe
Replies
0
Views
1,068
News Archive
vtqhtr413
vtqhtr413
silversurfer
    • Like
    • +Reputation
PicassoLoader Malware Used in Ongoing Attacks on Ukraine and Poland
Replies
0
Views
1,315
News Archive
silversurfer
silversurfer

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top