New Scam Alert: Hackers now use Microsoft OneNote attachments to spread malware

Bleeping Computer reported:

Threat actors now use OneNote attachments in phishing emails that infect victims with remote access malware which can be used to install further malware, steal passwords, or even cryptocurrency wallets.

Since mid-December, Trustwave SpiderLabs has warned that threat actors had started distributing malicious spam emails containing OneNote attachments.

From samples found by BleepingComputer, these malspam emails pretend to be DHL shipping notifications, invoices, ACH remittance forms, mechanical drawings, and shipping documents.

Instead, OneNote allows users to insert attachments into a NoteBook that, when double-clicked, will launch the attachment.

Threat actors are abusing this feature by attaching malicious VBS attachments that automatically launch the script when double-clicked to download malware from a remote site and install it.

Thankfully, when launching OneNote attachments, the program warns you that doing so can harm your computer and data.

But unfortunately, history has shown us that these types of prompts are commonly ignored, and users just click the OK button.
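For mail-gateway or incident triage, the embedded attachments described above can be located without opening the notebook. The following is an added example, not code from the Bleeping Computer report: it carves `FileDataStoreObject` records (the container the MS-ONESTORE format uses for embedded files) out of a `.one` file and flags any that are not plain images. The `classify` heuristic, the function names and the sample bytes are assumptions made for illustration.

```python
import struct
import uuid

# FileDataStoreObject header/footer GUIDs from the MS-ONESTORE specification,
# stored on disk in little-endian GUID layout.
HEADER = uuid.UUID("BDE316E7-2665-4511-A4C4-8D4D0B7A9EAC").bytes_le
FOOTER = uuid.UUID("71FBA722-0F79-4A0B-BB13-899256426B24").bytes_le
IMAGE_MAGIC = (b"\x89PNG\r\n\x1a\n", b"\xff\xd8\xff", b"GIF8", b"BM")

def classify(payload: bytes) -> str:
    """Coarse triage label for one embedded payload (heuristic, an assumption)."""
    if payload.startswith(IMAGE_MAGIC):
        return "image"
    if payload.startswith(b"MZ"):
        return "executable"
    sample = payload[:512]
    printable = sum(32 <= b < 127 or b in (9, 10, 13) for b in sample)
    if sample and printable / len(sample) > 0.9:
        return "text-or-script"
    return "other"

def embedded_objects(data: bytes):
    """Yield (offset, size, label) for each embedded file found in .one bytes."""
    pos = data.find(HEADER)
    while pos != -1:
        # Layout: guidHeader(16) cbLength(8) unused(4) reserved(8) FileData...
        if pos + 36 <= len(data):
            (size,) = struct.unpack_from("<Q", data, pos + 16)
            start = pos + 36
            if start + size <= len(data):
                yield pos, size, classify(data[start:start + size])
        pos = data.find(HEADER, pos + 16)

def suspicious(data: bytes):
    """Embedded objects that are not plain images deserve analyst review."""
    return [obj for obj in embedded_objects(data) if obj[2] != "image"]

def _wrap(payload: bytes) -> bytes:
    # Test helper: builds one FileDataStoreObject around a payload.
    pad = b"\x00" * (-len(payload) % 8)
    return HEADER + struct.pack("<QI8x", len(payload), 0) + payload + pad + FOOTER

# Constructed sample (not a real notebook): one lure image, one harmless script.
SCRIPT = b"' constructed placeholder script\r\nWScript.Echo \"test\"\r\n"
SAMPLE = b"\x00" * 64 + _wrap(IMAGE_MAGIC[0] + b"\x00" * 24) + _wrap(SCRIPT)

if __name__ == "__main__":
    for offset, size, label in suspicious(SAMPLE):
        print(f"embedded {label} at offset {offset}, {size} bytes")
```

A hit is a reason to quarantine the attachment and extract the payload for analysis; notebooks with legitimate embedded documents will also be flagged.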

