By Lawrence AbramsJanuary 21, 2023
Threat actors now use OneNote attachments in phishing emails that infect victims with remote access malware which can be used to install further malware, steal passwords, or even cryptocurrency wallets.
This comes after attackers have been distributing malware in emails using malicious Word and Excel attachments that launch macros to download and install malware for years.
However, in July, Microsoft finally disabled macros by default in Office documents, making this method unreliable for distributing malware.
Soon after, threat actors began utilizing new file formats, such as ISO images and password-protected ZIP files. These file formats soon became extremely common, aided by a Windows bug allowing ISOs to bypass security warnings and the popular 7-Zip archive utility not propagating mark-of-the-web flags to files extracted from ZIP archives.
However, both 7-Zip and Windows recently fixed these bugs causing Windows to display scary security warnings when a user attempts to open files in downloaded ISO and ZIP files.
Article (https://www.bleepingcomputer.com/news/security/hackers-now-use-microsoft-onenote-attachments-to-spread-malware/)
Roy Miehe | MspPortal Partners Inc. | Ceo/President
Security Software Distributor: Bitdefender , Barracuda, Axcient
“Where Service and Technical Skills Count”