"Cybercriminals Use Microsoft OneNote Attachments to Spread Malware"

Cybercriminals are using OneNote attachments in phishing emails to infect victims with remote access malware, allowing them to steal passwords and cryptocurrency wallets. Since attackers have been spreading malware via infected Word and Excel attachments for years, running macros to download and install malware, this approach is not new. However, Microsoft disabled macros by default in Office documents in July 2022, rendering malicious attachments less effective. Therefore, attackers began using new file formats, such as password-protected ZIP files and ISO images. A Windows flaw that allowed ISOs to bypass security warnings and the failure of the popular 7-Zip archive utility to propagate Mark of the Web (MOTW) flags to files extracted from ZIP archives facilitated the rapid rise in popularity of these file formats. Microsoft addressed the issue by instructing Windows to display security alerts when a user attempts to access downloaded ISO or ZIP files, but this did not prevent malicious actors from switching to Microsoft OneNote attachments. This article continues to discuss the use of Microsoft OneNote attachments to spread malware.

Techzine reports "Cybercriminals Use Microsoft OneNote Attachments to Spread Malware"