Beware! Hackers are now using Microsoft OneNote to spread malware

Threat actors now use OneNote attachments in phishing emails to infect victims with remote access malware, which can be used to install further malware and steal passwords, sensitive information, or even cryptocurrency wallets.

This comes after years of attackers distributing malware in emails using malicious Word and Excel attachments that launch macros to download and install malware.

However, in July, Microsoft finally disabled macros by default in Office documents, making this method unreliable for distributing malware. Soon after, hackers began utilising new file formats, such as ISO (disk) images and password-protected ZIP archive files.

These file formats soon became very common, aided by a Windows bug that allowed ISOs to bypass security warnings and by the popular 7-Zip archive utility not propagating mark-of-the-web flags to files extracted from ZIP archives.

However, Windows and 7-Zip soon caught on to these methods of spreading malware and started showing warnings when downloaded files are opened.

So here comes the surprise: these hackers quickly realised that they can use Microsoft OneNote to send malicious spam attachments. Since Microsoft OneNote is used by many techies in their day-to-day jobs, these files have a better chance of reaching end-user machines undetected.

Using Microsoft OneNote

As per Wikipedia

"Microsoft OneNote is a note-taking software developed by Microsoft. It is available as part of the Microsoft Office suite and since 2014 has been free on all platforms outside the suite. OneNote is designed for free-form information gathering and multi-user collaboration. It gathers users' notes, drawings, screen clippings, and audio commentaries, and notes can also be shared with other OneNote users over the Internet or a network.
OneNote is also available as a free, stand-alone app via the official website and the app stores of: Windows 10, MacOS, iOS, iPadOS and Android. Microsoft also provides a web-based version of OneNote as part of OneDrive and Office for the web. source [wikipedia]"

As per the latest trend, seen over the holiday season in Dec 2022, malicious threat actors have been sending spam emails with OneNote attachments that contain malicious code.

These emails pretend to come from shipping companies and claim to contain shipping info and mechanical drawings.

Once you open the attachment, it runs a malicious VB script that runs malware on your computer.

The best way to stay protected is to not open emails without verifying the sender address, and to not allow any scripts to run on your computer if by any chance you do open the attachments.
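The same advice can be enforced before mail reaches the inbox. The following is an added example, not part of the original post: a small Python triage check that flags the attachment types named above (OneNote files, ISO images, password-protected ZIPs). The OneNote header bytes come from Microsoft's published file format; the function names and the sample message are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

ONENOTE_MAGIC = bytes.fromhex("e4525c7b8cd8a74daeb15378d02996d3")  # first 16 bytes of a .one file

def zip_is_encrypted(data):
    """True if any ZIP member has the encryption flag (bit 0) set."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(i.flag_bits & 0x1 for i in zf.infolist())
    except zipfile.BadZipFile:
        return False

def classify(name, data):
    """Label an attachment by content first, then by file name (hypothetical labels)."""
    lower = name.lower()
    if data.startswith(ONENOTE_MAGIC) or lower.endswith(".one"):
        return "onenote"  # content check catches a notebook renamed to .pdf etc.
    if lower.endswith(".iso"):
        return "iso-image"
    if zip_is_encrypted(data):
        return "encrypted-zip"  # contents cannot be scanned without the password
    return None

def triage(raw_message):
    """Return [(filename, label)] for attachments that should be held for review."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        label = classify(name, part.get_payload(decode=True) or b"")
        if label:
            hits.append((name, label))
    return hits

def constructed_sample():
    """Constructed message: OneNote header bytes named .pdf, plus a ZIP flagged as encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.txt", "constructed sample")
    z = bytearray(buf.getvalue())
    z[z.find(b"PK\x01\x02") + 8] |= 0x01  # set bit 0 in the central-directory flags
    msg = EmailMessage()
    msg.set_content("See attached.")
    for name, data in [("drawing.pdf", ONENOTE_MAGIC + bytes(32)), ("docs.zip", bytes(z))]:
        msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return msg.as_bytes()
```

Calling `triage(constructed_sample())` reports both attachments, including the OneNote file that was given a `.pdf` name.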
