Microsoft OneNote attachments are being used to spread malware

Hackers have discovered a new way to bypass the macro block in Microsoft Office files and still deliver malware to unsuspecting victims through the company's suite of online collaboration apps.

Security experts at BleepingComputer found freshly distributed phishing emails equipped with OneNote attachments. 

OneNote is a digital note-taking app, which people can use to create a sharable content library. It comes as part of the wider Microsoft Office suite, meaning if people have this installed, they can open OneNote files, too. While OneNote’s files, called NoteBooks, don’t support macros, they do support attachments, and that’s what the crooks are now leveraging.

Malicious VBS files

The phishing emails themselves are nothing out of the ordinary - they include fake DHL parcel notifications, fake invoices, fake shipping notifications, ACH remittance forms, and such. Instead of carrying a Word or Excel file attached, they carry a OneNote file which, if opened, seems to be blurred out, with a huge button in the middle saying “Double Click to View File”.

Double-clicking, however, runs the attachment which, in this case, is a malicious VBS file. 

This file then initiates communication with the command & control (C2) server and downloads the malware. 

BleepingComputer obtained a couple of these emails and determined that multiple remote access trojans and infostealers are being circulated, including the AsyncRAT and XWorm remote access trojans, as well as the Quasar Remote Access trojan.
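For defenders triaging a suspicious OneNote attachment, the following added example (not code from the article or from BleepingComputer) lists the files embedded in a `.one` section and flags those that look like scripts or executables. The GUIDs are the file-type and FileDataStoreObject markers from Microsoft's MS-ONESTORE specification; the marker list, function names and sample blob are constructed assumptions.

```python
import struct
import uuid

# GUIDs defined in MS-ONESTORE, converted to their on-disk byte order.
ONE_MAGIC = uuid.UUID("7B5C52E4-D88C-4DA7-AEB1-5378D02996D3").bytes_le
FDSO_HEADER = uuid.UUID("BDE316E7-2665-4511-A4C4-8D4D0B7A9EAC").bytes_le
FDSO_FOOTER = uuid.UUID("71FBA722-0F79-4A0B-BB13-899256426B24").bytes_le
# Assumption: a small, constructed marker list; tune it for your own mail flow.
SCRIPT_MARKERS = (b"createobject", b"wscript.", b"powershell", b"<script")

def embedded_files(data):
    """Yield the raw bytes of each FileDataStoreObject found in a .one blob."""
    pos = data.find(FDSO_HEADER)
    while pos != -1:
        body = pos + 16 + 8 + 4 + 8    # GUID, length, unused, reserved
        if body > len(data):
            return
        (length,) = struct.unpack_from("<Q", data, pos + 16)
        if body + length > len(data):  # malformed length: skip this hit
            pos = data.find(FDSO_HEADER, pos + 16)
            continue
        yield data[body:body + length]
        pos = data.find(FDSO_HEADER, body + length)

def classify(payload):
    """Rough verdict for one embedded object: executable, script or other."""
    head = payload[:4096].lower()
    if payload.startswith(b"MZ"):
        return "executable"
    if any(marker in head for marker in SCRIPT_MARKERS):
        return "script"
    return "other"

def triage(data):
    """Return [(size, verdict), ...], or None if data is not a .one section."""
    if not data.startswith(ONE_MAGIC):
        return None
    return [(len(p), classify(p)) for p in embedded_files(data)]

# Constructed sample: a minimal blob with two embedded objects, not a real notebook.
SAMPLE_VBS = b'WScript.Echo "constructed sample"'
SAMPLE_PNG = b"\x89PNG\r\n\x1a\n" + bytes(8)

def build_sample():
    def fdso(payload):
        sizes = struct.pack("<QIQ", len(payload), 0, 0)
        return FDSO_HEADER + sizes + payload + FDSO_FOOTER
    return ONE_MAGIC + bytes(32) + fdso(SAMPLE_VBS) + bytes(16) + fdso(SAMPLE_PNG)

if __name__ == "__main__":
    for size, verdict in triage(build_sample()):
        print(f"embedded object: {size} bytes, {verdict}")
```

A `script` or `executable` verdict on an inbound `.one` attachment is a reasonable trigger for quarantine and manual review.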

The best way to protect against these attacks is the same as it always was - educate your employees not to download attachments and click on email links from people they don’t know, don’t trust, or whose identity cannot be confirmed. Also, they should be educated not to ignore warning messages prompted in programs such as Word, Excel, or OneNote. Other than that, having a strong antivirus solution, and a firewall, is welcome. 

Finally, activating multi-factor authentication (MFA) wherever possible greatly reduces the chances of more serious compromise. 

Via: BleepingComputer



from TechRadar - All the latest technology news https://ift.tt/nckoLsj