Perception Point » News » Hackers Are Exploiting OneNote Attachments to Launch Malware Attacks

March 12, 2023

Hackers Are Exploiting OneNote Attachments to Launch Malware Attacks

Hackers are using OneNote attachments in phishing emails, installing malware, and gaining unauthorized access to passwords.

Malicious actors exploit frequent feature updates to OneNote by Microsoft to use double-clicks on spam emails, which automatically runs a script, installing malware from remote sites into the user’s computer.

OneNote is one of the highly popular components of the Microsoft 365 package that is even now being updated by the company. However, the frequent beta testing of the product has resulted in hackers exploiting vulnerabilities for phishing-based malware attacks. Now security professionals have set warning bells about malicious actors using OneNote attachments to surreptitiously install malware into user devices.

The warning was initially sent through a tweet by Perception Point Attack Trends, reporting on the vulnerability. The malware can be used not only to steal passwords but also to attack cryptocurrency wallets or even install other additional software on an unsuspecting user’s device.

Initially, Microsoft removed the use of macros in its Office documents, cutting off hackers from using Excel and Word documents for spreading malware. Furthermore, Microsoft has also disabled users from accessing zip and ISO files without first going through security warnings.

Here Is How the Attack Works

Hackers have found ways to circumvent the block on macros, delivering malware. The emails designed for phishing can include things such as fake invoices, deliveries, or notifications, among others.

In most cases, the emails will have blurred-out images with text stating ‘Double Click to View File.’ However, doing so actually runs a malicious Visual Basic script file that starts communications with a remote server to install malware, including a variety of trojans.

Microsoft has already halted cryptocurrency mining on its platform, which has often been linked to unauthorized account access. This has significantly reduced cloud service degradation and disruption.

However, to adequately protect themselves, it is vital for OneNote users not to disregard warnings by the application and use multi-factor authentication, antivirus, and firewalls wherever possible. It is also crucial that they do not download attachments from email links they are not familiar with.

This article first appeared in Spiceworks on February 3, 2023, written by Anuj Mudaliar.

Don't miss out on any industry updates.

Sign up for our newsletter!

TALK TO SALES

Hackers Are Exploiting OneNote Attachments to Launch Malware Attacks

Don't miss out on any industry updates.

Sign up for our newsletter!

Ready to Try
Perception Point?

Learn More

Beyond Add-Ons: Elevating Browser Governance Against Malicious and Risky Extensions

Nespress-Oh No! Phishing Attack Exploits Nespresso Open Redirect Vulnerability

Professionally Hooked: Microsoft Two-Step Phishing Campaign Targets LinkedIn Users

Behind the Attack: Evasive HTML Spear Phishing

Evolving Email Security with Embedding Space and AI-powered Subject Analyzer

Operation PhantomBlu: New and Evasive Method Delivers NetSupport RAT

Hackers Are Exploiting OneNote Attachments to Launch Malware Attacks

Don't miss out on any industry updates.

Sign up for our newsletter!

Ready to Try Perception Point?

Learn More

Beyond Add-Ons: Elevating Browser Governance Against Malicious and Risky Extensions

Nespress-Oh No! Phishing Attack Exploits Nespresso Open Redirect Vulnerability

Professionally Hooked: Microsoft Two-Step Phishing Campaign Targets LinkedIn Users

Behind the Attack: Evasive HTML Spear Phishing

Evolving Email Security with Embedding Space and AI-powered Subject Analyzer

Operation PhantomBlu: New and Evasive Method Delivers NetSupport RAT

Ready to Try
Perception Point?