Microsoft’s OneNote, the note-taking app that’s part of the Office 365 productivity suite, is getting more and more attention for all the wrong reasons.
This follows another report by cybersecurity researchers showing that more and more attackers are using the application to deliver malware to unsuspecting victims.
Now, Zscaler researchers have published a report describing OneNote as a “growing threat” for malware distribution.
Fake invoices and orders
The method of delivery is similar to how Office files with macros are delivered. The attacker generates a OneNote file, called a NoteBook, and designs it to look like an invoice or other important document. Inside the file, they place malicious attachments that can download and execute malware from third-party servers. They then blur the contents of the file and overlay a “Click here to view” button or similar call to action.
Clicking the button activates the attachment and runs the malware.
The files are then distributed by normal means (via email). Hundreds of thousands of phishing emails are sent daily to target corporate endpoints, personal computers, and other devices that hold sensitive customer or personal data.
Last summer, Microsoft finally blocked Office programs from running macros in files downloaded from the Internet. In this way, the company effectively stopped one of the most common attack vectors among the cybercriminal community. Since then, hackers have been working hard to find alternative ways to distribute malware. Two methods began to stand out: distributing ISO files (a type of archive file that allows hackers to bypass email and antivirus security) and distributing NoteBook files.
To protect against this type of attack, cybersecurity researchers typically give the common-sense advice not to download email attachments or click on links in emails that look even slightly suspicious in content, sender address, or subject line.
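A defender-side triage check for the embedded attachments described above, added here as an example and not taken from the Zscaler report: it locates embedded file objects in a OneNote file by the FileDataStoreObject GUID from Microsoft's MS-ONESTORE specification and flags payloads that look like executables, shortcuts or scripts. The function names, the indicator lists and the sample bytes are constructed for this example.

```python
import struct
import uuid

# FileDataStoreObject header GUID (MS-ONESTORE), little-endian on disk.
FDSO_HEADER = uuid.UUID("BDE316E7-2665-4511-A4C4-8D4D0B7A9EAC").bytes_le
HEADER_LEN = 36  # guidHeader(16) + cbLength(8) + unused(4) + reserved(8)

# Constructed, non-exhaustive indicators of content an "invoice" should not carry.
RISKY_MAGIC = {
    b"MZ": "Windows executable",
    b"L\x00\x00\x00\x01\x14\x02\x00": "Windows shortcut (LNK)",
}
RISKY_TEXT = (b"wscript", b"powershell", b"createobject", b"<hta:application")

def embedded_files(data: bytes):
    """Yield (offset, declared_size, payload) for each embedded file object."""
    pos = data.find(FDSO_HEADER)
    while pos != -1 and pos + HEADER_LEN <= len(data):
        (size,) = struct.unpack_from("<Q", data, pos + 16)
        start = pos + HEADER_LEN
        # Slicing clamps to the buffer, so a lying or truncated size is safe.
        yield pos, size, data[start:start + size]
        pos = data.find(FDSO_HEADER, pos + 16)

def classify(payload: bytes):
    """Return a label for risky payloads, or None if nothing matched."""
    for magic, label in RISKY_MAGIC.items():
        if payload.startswith(magic):
            return label
    head = payload[:4096].lower()
    if any(keyword in head for keyword in RISKY_TEXT):
        return "script content"
    return None

def triage(data: bytes):
    """List (offset, declared_size, label) for every flagged embedded file."""
    found = ((off, size, classify(p)) for off, size, p in embedded_files(data))
    return [hit for hit in found if hit[2]]

def _wrap(payload: bytes) -> bytes:
    """Constructed helper: frame bytes as a FileDataStoreObject (no footer)."""
    return FDSO_HEADER + struct.pack("<QI8x", len(payload), 0) + payload

# Constructed sample buffer, not a real notebook: image, executable stub, script.
SAMPLE = (b"\x00" * 64 + _wrap(b"\x89PNG\r\n\x1a\n" + b"\x00" * 32) + b"\x00" * 8
          + _wrap(b"MZ\x90\x00" + b"\x00" * 60)
          + _wrap(b'WScript.Echo "constructed sample"'))

if __name__ == "__main__":
    print(triage(SAMPLE))
```

On a mail gateway or during incident triage, the same `triage()` call can be run over the raw bytes of a quarantined `.one` attachment; a hit is a reason to hold the message for analysis, not proof of malware.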