Malicious use of Microsoft OneNote documents on the rise
The use of Microsoft OneNote documents to distribute malware to unsuspecting users is picking up pace, cybersecurity researchers from Proofpoint have claimed.
OneNote is Microsoft’s digital note-taking app, which comes as part of the Office productivity suite. As such, cybercriminals can assume that most of their victims already have the app installed on their endpoints.
OneNote’s files, called NoteBooks, allow users to add attachments, which can download malware from remote locations. All users need to do is double-click the file, which they can be easily tricked into doing. Recent reports saw hackers distribute blurred NoteBooks with the message “double-click to view the contents”, tricking victims into believing the file’s contents are being protected.
Low detection rates
In a detailed report published on the company blog earlier this week, Proofpoint’s researchers said they identified six campaigns in December 2022, using OneNote to deliver the AsyncRAT malware.
A month later, in January 2023, they discovered more than 50 campaigns. Besides AsyncRAT, the crooks were delivering Redline Stealer, AgentTesla, and DOUBLEBACK. More recently, the threat actor known as TA577 used it to deliver Qbot.
Proofpoint’s researchers believe hackers turning to OneNote is in fact the result of extensive research. After experimenting with different attachment types, they settled on OneNote as so far, the detection rates are minimal.
At press time, Proofpoint says that “multiple” malware samples were not getting detected by antivirus vendors on VirusTotal.
The best way to protect against these attacks is the same as it always was – educate your employees not to download attachments and click on email links from people they don’t know, don’t trust, or whose identity cannot be confirmed. Also, they should be educated not to ignore warning messages prompted in programs such as Word, Excel, or OneNote. Other than that, having a strong antivirus solution, and a firewall, is welcome.
Finally, activating multi-factor authentication (MFA) wherever possible greatly reduces the chances of more serious compromise.
Audio player loading… The use of Microsoft OneNote documents to distribute malware to unsuspecting users is picking up pace, cybersecurity researchers from Proofpoint have claimed. OneNote is Microsoft’s digital note-taking app, which comes as part of the Office productivity suite. As such, cybercriminals can assume that most of their victims…
Recent Posts
- Quordle today – hints and answers for Friday, March 22 (game #788)
- GitLab confirms it’s removed Suyu, a fork of Nintendo Switch emulator Yuzu
- Qualcomm says most Windows games should ‘just work’ on its unannounced Arm laptops
- Beetlejuice Beetlejuice brings the dead man home in its first trailer
- Apple CarPlay is anticompetitive, too, US lawsuit alleges
Archives
- March 2024
- February 2024
- January 2024
- December 2023
- November 2023
- October 2023
- September 2023
- August 2023
- July 2023
- June 2023
- May 2023
- April 2023
- March 2023
- February 2023
- January 2023
- December 2022
- November 2022
- October 2022
- September 2022
- August 2022
- July 2022
- June 2022
- May 2022
- April 2022
- March 2022
- February 2022
- January 2022
- December 2021
- November 2021
- October 2021
- September 2021
- August 2021
- July 2021
- June 2021
- May 2021
- April 2021
- March 2021
- February 2021
- January 2021
- December 2020
- November 2020
- October 2020
- September 2020
- August 2020
- July 2020
- June 2020
- May 2020
- April 2020
- March 2020
- February 2020
- January 2020
- December 2019
- November 2019
- December 2011