Threat actors now use OneNote attachments in phishing emails that infect victims with remote access malware which can be used to install further malware, steal passwords, or even cryptocurrency wallets.
This comes after attackers have been distributing malware in emails using malicious Word and Excel attachments that launch macros to download and install malware for years.
However, in July, Microsoft finally disabled macros by default in Office documents, making this method unreliable for distributing malware…
Not to be deterred, threat actors quickly switched to using a new file format in their malicious spam (malspam) attachments: Microsoft OneNote attachments…
From samples found by BleepingComputer, these malspam emails pretend to be DHL shipping notifications, invoices, ACH remittance forms, mechanical drawings, and shipping documents…
Unlike Word and Excel, OneNote does not support macros, which is how threat actors previously launched scripts to install malware.
Instead, OneNote allows users to insert attachments into a NoteBook that, when double-clicked, will launch the attachment.
Threat actors are abusing this feature by attaching malicious VBS attachments that automatically launch the script when double-clicked to download malware from a remote site and install it…
|
Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don't do it. |
-
Hackers now use Microsoft OneNote attachments to spread malware
- This topic has 2 replies, 3 voices, and was last updated 7 months, 4 weeks ago.
AuthorViewing 1 reply threadAuthor-
-
Hey Y’all,
Another way to block this is to disable the Windows Script Host. This will prevent all VBS (Visual Basic Scripts) files from executing.
You can do this easily using my Computer Mentor’s Standard Window 10 Settings PowerShell program. The program allow you to change the settings for a lot of Windows settings and will save those settings so they can be easily restored if a Windows Update clobbers them, which is all to often.
You can find the program CMsStdSettingsForm.zip on my OneDrive download page here.
Be sure to read the Comment based help.
HTH
2 users thanked author for this post.
Viewing 1 reply thread
Plus Membership
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.
Get Plus!
Recent Topics
-
MailStore Home updates
by 10 hours, 12 minutes ago
-
T-Mobile users say they see other people’s account information
by 21 hours, 22 minutes ago
-
Retirement of Exchange Web Services in Exchange Online
by 1 day, 9 hours ago
-
What Remote Desktop credentials do I use to access a MS Account computer
by 2 hours ago
-
Office 2003 Compatibility with One Drive in Windows 11
by 1 day, 20 hours ago
-
Has KB5030219 been pulled for Windows 11 Pro for Workstations?
by 1 day, 21 hours ago
-
By default encryption on Apple
by 1 day, 14 hours ago
-
KB5029331 Macrium/Reflect
by 1 day, 15 hours ago
-
Windows 10 Build 19045.3513 (22H2) to Release Preview Channel
by 2 days, 2 hours ago
-
Microsoft worker accidentally exposes 38TB of sensitive data in GitHub blunder
by 1 day, 11 hours ago
-
Change CPU/Mainboard without reinstallation of OS and Apps – Win10
by 1 day, 17 hours ago
-
Mouse slows to crawl if Edge in focus
by 2 days, 22 hours ago
-
Windows and Surface chief Panos Panay is leaving Microsoft
by 2 days, 11 hours ago
-
Essential Office Portable
by 2 days, 23 hours ago
-
Essential Office: Disable Spell Check
by 2 days, 23 hours ago
-
Apple 2030
by 21 hours, 48 minutes ago
-
Wi-Fi 7? Why not!
by 2 days, 6 hours ago
-
Second city — the AI view from Washington
by 3 days, 8 hours ago
-
Zeroing in on zero days
by 1 day, 17 hours ago
-
LMDE – Software Update
by 23 hours, 10 minutes ago
-
MacAfee anti virus left overs
by 17 hours, 42 minutes ago
-
Google issues update for Chrome 109 (Win 7 – Server 2012r2) that fixes WebP
by 51 minutes ago
-
Microsoft apparently canning P2P Win32 services on Windows 11 23H2, Windows 12
by 3 days, 18 hours ago
-
Inserting from clipboard into posting
by 3 days, 17 hours ago
-
Background picture not invoked @ startup
by 1 day, 21 hours ago
-
download Linux Mint most recent
by 4 days, 1 hour ago
-
Modify email account settings
by 4 days, 9 hours ago
-
Microsoft’s Edge 109 updates for Windows 7 , 8, 8.1, 2012 R2 ! webP fix
by 4 days, 23 hours ago
-
High CPU Temperatures (Stock Cooler Insufficient)
by 5 days, 8 hours ago
-
How to use Roadside Assistance via satellite on iPhone 14 and iPhone 15
by 4 days, 22 hours ago
