BleepingComputer reports that Microsoft OneNote attachments are being used in phishing emails to deploy remote access trojans, which enable secondary malware deployment as well as password and cryptocurrency theft.
Threat actors behind the scheme have been sending emails purporting to be DHL shipping notifications, ACH remittance forms, invoices, shipping documents, and mechanical drawings.
Because OneNote does not support macros, attackers have instead been using the tool to include malicious VBS attachments, according to BleepingComputer. While OneNote warns users that opening attachments may harm their computer and data, the advice is commonly ignored, and clicking the "OK" button triggers the execution of a VBS script that downloads and executes malware.
BleepingComputer has observed that malspam emails sent using the attack technique result in the installation of RATs. Both the AsyncRAT and XWorm RATs were observed by cybersecurity researcher James to have been installed by the OneNote attachments he examined.
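A defender-side check for the technique described above, added here as an example and not taken from BleepingComputer or the researcher: it scans raw OneNote bytes for embedded-file records (the FileDataStoreObject GUID from Microsoft's MS-ONESTORE specification) and flags any that are not plain images. The keyword list, function names and sample bytes are constructed for illustration.

```python
import struct
import uuid

# FileDataStoreObject header GUID from the MS-ONESTORE specification;
# on disk it is stored in little-endian (mixed-endian) GUID form.
FDSO_HEADER = uuid.UUID("BDE316E7-2665-4511-A4C4-8D4D0B7A9EAC").bytes_le
IMAGE_MAGICS = (b"\x89PNG\r\n\x1a\n", b"\xff\xd8\xff", b"GIF8")
# Illustrative keyword list (an assumption, not from the article).
SCRIPT_HINTS = (b"createobject", b"wscript", b"powershell", b"<script")

def embedded_blobs(data: bytes):
    """Yield (offset, payload) for each FileDataStoreObject found in raw bytes."""
    pos = data.find(FDSO_HEADER)
    while pos != -1:
        # Layout: guidHeader(16) cbLength(8) unused(4) reserved(8) FileData
        start = pos + 36
        if start <= len(data):
            (length,) = struct.unpack_from("<Q", data, pos + 16)
            if length <= len(data) - start:  # reject truncated/bogus lengths
                yield pos, data[start:start + length]
        pos = data.find(FDSO_HEADER, pos + 16)

def classify(payload: bytes) -> str:
    if payload.startswith(IMAGE_MAGICS):
        return "image"
    if payload.startswith(b"MZ"):
        return "executable"
    text = payload.replace(b"\x00", b"").lower()  # also catches UTF-16 scripts
    if any(h in text for h in SCRIPT_HINTS):
        return "script"
    return "other"

def suspicious_attachments(data: bytes):
    """Return [(offset, kind)] for embedded files that are not plain images."""
    return [(off, kind) for off, blob in embedded_blobs(data)
            if (kind := classify(blob)) != "image"]

def _fdso(payload: bytes) -> bytes:
    """Build a constructed FileDataStoreObject wrapper for the sample below."""
    return FDSO_HEADER + struct.pack("<QIQ", len(payload), 0, 0) + payload

# Constructed sample: not a real .one file, just two embedded-object records.
SAMPLE = (b"\x00" * 32 + _fdso(b"\x89PNG\r\n\x1a\n" + b"\x00" * 8)
          + b"\x00" * 5 + _fdso(b'Set s = CreateObject("WScript.Shell")\r\n'))

if __name__ == "__main__":
    print(suspicious_attachments(SAMPLE))
```

A mail gateway or triage script can apply `suspicious_attachments` to any `.one` attachment and quarantine messages where the result is non-empty.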
Malware deployment facilitated by Microsoft OneNote attachments