For the longest time, cybercriminals have been exploiting the macro feature in Office applications like Word and Excel to infect the PCs of unsuspecting users with malware. They typically insert malicious macro code into a legitimate-looking Word or Excel document, then convince users to enable macros, supposedly so that the file displays properly. Doing so only allows the malware to wreak havoc on the victim’s PC.
Microsoft is aware of this behavior by threat actors, so they eventually blocked macros by default in Office documents. However, cybercriminals are now using another app to trick users into infecting their own PCs with malware: the digital note-taking app OneNote.
As reported by Bleeping Computer, cybercriminals have been found sending phishing emails that allegedly contain DHL invoices, remittance forms, shipping notifications, documents and mechanical drawings. Instead of using macros, which OneNote doesn’t support, cybercriminals are exploiting OneNote’s ability to attach files within a notebook.
They do this by attaching malicious VBS files to a OneNote file. When double-clicked, these files automatically download and install malware from a remote site. To hide them and make the OneNote file look as legitimate as possible, threat actors overlay them with a box that reads “double-click to view file”.
This means that clicking on the box will launch malicious files, which will install malware on the device. And while OneNote will warn users that opening the attachment may damage the user’s computer and data, many users will ignore the warning and click “OK” anyway.
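As an added, defender-side example that is not part of the Bleeping Computer report or any project’s code: a small Python triage script that walks a .one file looking for the FileDataStoreObject structures OneNote uses to hold embedded attachments, then reports the type and hash of each so an analyst can spot script or executable attachments before anyone double-clicks them. The header GUID and field layout are assumed from the public [MS-ONESTORE] specification, and the notebook bytes it scans are constructed inline.

```python
import hashlib
import struct

# On-disk header GUID of a FileDataStoreObject, the structure OneNote uses to
# store an embedded attachment ([MS-ONESTORE] 2.6.13). Taken from the public
# spec, not from the article; the field layout below is assumed from the same spec.
FDSO_HEADER = bytes.fromhex("e716e3bd65261145a4c48d4d0b7a9eac")

# Magic-byte triage table. Anything else that is mostly printable is labelled
# script/text, which is where .vbs/.bat/.hta droppers land.
MAGIC = [(b"MZ", "pe-executable"), (b"%PDF", "pdf"), (b"PK\x03\x04", "zip"),
         (b"\xd0\xcf\x11\xe0", "ole-compound")]

def classify(payload: bytes) -> str:
    for prefix, label in MAGIC:
        if payload.startswith(prefix):
            return label
    sample = payload[:512]
    printable = sum(32 <= b < 127 or b in b"\r\n\t" for b in sample)
    return "script/text" if sample and printable / len(sample) > 0.95 else "binary"

def extract_embedded_files(data: bytes) -> list:
    """Walk a .one blob and describe every FileDataStoreObject found."""
    found, pos = [], 0
    while (pos := data.find(FDSO_HEADER, pos)) != -1:
        # Layout: guidHeader(16) cbLength(8) unused(4) reserved(8) FileData(cbLength)
        meta_end = pos + 16 + 8 + 4 + 8
        if meta_end > len(data):
            break
        (length,) = struct.unpack_from("<Q", data, pos + 16)
        payload = data[meta_end:meta_end + length]   # slice tolerates a truncated file
        found.append({"offset": pos, "size": len(payload), "kind": classify(payload),
                      "sha256": hashlib.sha256(payload).hexdigest(),
                      "truncated": len(payload) != length})
        pos = meta_end + len(payload)
    return found

def is_risky(kind: str) -> bool:
    return kind in ("script/text", "pe-executable", "ole-compound")

# Constructed sample: a fake notebook wrapping one script-like and one PE-like blob.
SAMPLE_VBS = b'WScript.Echo "constructed sample, does nothing"\r\n'
SAMPLE_PE = b"MZ" + b"\x00" * 62 + b"PE\x00\x00"

def wrap(payload: bytes) -> bytes:
    return FDSO_HEADER + struct.pack("<QIQ", len(payload), 0, 0) + payload

def build_sample_notebook() -> bytes:
    return b"\x00" * 64 + wrap(SAMPLE_VBS) + b"\x00" * 32 + wrap(SAMPLE_PE)

if __name__ == "__main__":
    for item in extract_embedded_files(build_sample_notebook()):
        print(item, "REVIEW" if is_risky(item["kind"]) else "")
```

Run it against a real .one file by replacing build_sample_notebook() with the file’s bytes; any attachment classified as script/text, pe-executable or ole-compound deserves a look before the notebook is trusted.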
In emails seen by BleepingComputer, malicious OneNote documents typically install remote access Trojans that can steal sensitive information and cryptocurrency wallets. Others can also take screenshots and record video using the victim’s webcam.
To protect yourself from these attacks, don’t open unsolicited emails from people you don’t know. Also, make sure your antivirus software is updated so that it can properly detect malware and remove it from your system.
Source and images: Bleeping Computer