Malicious use of Microsoft OneNote documents on the rise
OneNote is proving to be an effective platform to deliver malware
The use of Microsoft OneNote documents to distribute malware to unsuspecting users is picking up pace, cybersecurity researchers from Proofpoint have claimed.
OneNote is Microsoft’s digital note-taking app, which comes as part of the Office productivity suite. As such, cybercriminals can assume that most of their victims already have the app installed on their endpoints.
OneNote’s files, called NoteBooks, allow users to add attachments, which can download malware from remote locations. All users need to do is double-click the file, which they can be easily tricked into doing. Recent reports saw hackers distribute blurred NoteBooks with the message “double-click to view the contents”, tricking victims into believing the file’s contents are being protected.
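Because the attachment travels inside the notebook file itself, a mail gateway or analyst can list what a .one file embeds before a user ever opens it. The sketch below is an added example, not code from the article or from Proofpoint: it assumes the FileDataStoreObject layout from Microsoft's MS-ONESTORE specification, and the type heuristic, function names and sample bytes are constructed for illustration.

```python
import hashlib
import struct
import uuid

# FileDataStoreObject header GUID and field sizes as given in MS-ONESTORE
# (an assumption of this example; the article does not describe the format).
FDSO_HEADER = uuid.UUID("BDE316E7-2665-4511-A4C4-8D4D0B7A9EAC").bytes_le
PREFIX_LEN = 16 + 8 + 4 + 8  # guidHeader, cbLength, unused, reserved
IMAGE_MAGIC = (b"\x89PNG\r\n\x1a\n", b"\xff\xd8\xff", b"GIF8")


def classify(data):
    """Coarse type guess from leading bytes (heuristic chosen for this example)."""
    if data.startswith(IMAGE_MAGIC):
        return "image"
    if data.startswith(b"MZ"):
        return "pe-executable"
    head = data[:256]
    if head and all(b in b"\t\r\n" or 32 <= b < 127 for b in head):
        return "text-or-script"
    return "other-binary"


def embedded_files(blob):
    """Yield (offset, payload) for each FileDataStoreObject found in a .one blob."""
    pos = blob.find(FDSO_HEADER)
    while pos != -1 and pos + PREFIX_LEN <= len(blob):
        (length,) = struct.unpack_from("<Q", blob, pos + 16)  # cbLength
        start = pos + PREFIX_LEN
        if start + length <= len(blob):  # skip truncated or coincidental matches
            yield pos, blob[start:start + length]
        pos = blob.find(FDSO_HEADER, pos + 16)


def triage(blob):
    """One finding per embedded object; anything that is not an image is flagged."""
    return [{"offset": off, "size": len(p), "sha256": hashlib.sha256(p).hexdigest(),
             "kind": classify(p), "review": classify(p) != "image"}
            for off, p in embedded_files(blob)]


def make_fdso(payload):
    """Constructed FileDataStoreObject prefix plus payload, for the sample only."""
    return FDSO_HEADER + struct.pack("<QI8s", len(payload), 0, b"") + payload


# Constructed sample: an image, a PE-like stub and a harmless text file.
SAMPLE = (b"\x00" * 32 + make_fdso(b"\x89PNG\r\n\x1a\n" + b"\x00" * 8)
          + make_fdso(b"MZ" + b"\x90" * 30) + make_fdso(b"rem constructed sample\r\n"))

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

Images pasted into a notebook are stored the same way, which is why the example flags only non-image objects for review.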
Low detection rates
In a detailed report published on the company blog earlier this week, Proofpoint’s researchers said they identified six campaigns in December 2022, using OneNote to deliver the AsyncRAT malware.
A month later, in January 2023, they discovered more than 50 campaigns. Besides AsyncRAT, the crooks were delivering Redline Stealer, AgentTesla, and DOUBLEBACK. More recently, the threat actor known as TA577 used it to deliver Qbot.
Proofpoint’s researchers believe the hackers’ turn to OneNote is in fact the result of extensive research. After experimenting with different attachment types, they settled on OneNote because, so far, the detection rates are minimal.
At press time, Proofpoint says that “multiple” malware samples were not getting detected by antivirus vendors on VirusTotal.
The best way to protect against these attacks is the same as it always was - educate your employees not to download attachments and click on email links from people they don’t know, don’t trust, or whose identity cannot be confirmed. Also, they should be educated not to ignore warning messages prompted in programs such as Word, Excel, or OneNote. Other than that, having a strong antivirus solution, and a firewall, is welcome.
Finally, activating multi-factor authentication (MFA) wherever possible greatly reduces the chances of more serious compromise.
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.