Microsoft is adding extra protections to OneNote, one of the many productivity tools included in Microsoft 365.After hackers started exploiting it to deliver malware (opens in new tab) collect.
According to a new Microsoft 365 roadmap entry recently spotted by BleepingComputer, OneNote will show additional warning notifications when users try to run risky files.
In an article titled “Microsoft OneNote: Better protection against known risky phishing file types,” the company says the change will take effect by the end of April this year.
Alternatives to Weaponized Macros
“Adds enhanced protection when users open or download files embedded in OneNote,” Microsoft said in an advisory. “To improve his file protection experience in OneNote on Windows, the user will receive a notification when a file is determined to be dangerous.”
Hackers turned to OneNote after Microsoft blocked Excel from running macros on files downloaded from the internet. Macros are he one of the most common attack vectors for threat actors, but since the Redmond giant made the change, threat actors have tried many alternatives.
A hot topic is the distribution of OneNote files with attachments. Similar to macros, this can be manipulated to download and execute malicious files hosted by third parties.
To ensure that the victim can activate the attachment, the hackers create a blurry looking file and overlay a button such as “Click here to view”. The explanation behind this approach is that the files are “protected”.
Using OneNote to distribute malware began gaining the attention of cybersecurity experts last December, reports BleepingComputer, citing a Trustwave report.
In addition to OneNote files, hackers also distribute shortcut files (.LNK). These files can come with almost any icon (such as .PDF file icons) and are not inherently malicious.
Via: BleepingComputer (opens in new tab)
