Microsoft OneNote is still used to flood devices with malware


Microsoft's OneNote, a note-taking app that's part of the Office 365 productivity suite, is attracting more and more attention — for all the wrong reasons.

This follows another report from cybersecurity researchers describing how more and more malicious actors are starting to use the app to deliver malware to unsuspecting victims.

This time, Zscaler researchers published a report describing OneNote as a "growing threat" for malware distribution.

Fake invoices and orders

The delivery method is similar to macro-based Office files. The attackers would generate a OneNote file, called a NoteBook, and style it to look like an important document, like an invoice or something similar. Inside the file, they would place a malicious attachment capable of downloading and executing malware from a third-party server. They would then blur the content of the file and overlay it with a button that said "Click here to view" or a similar call-to-action.

Clicking the button would launch the embedded attachment, which in turn downloads and executes the malware.
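As an added illustration (this code is not from the Zscaler report or from this article), the following Python scanner does what a mail gateway or an incident responder would do with a suspicious OneNote file: it walks the file for FileDataStoreObject structures, which is how OneNote stores attached files, and flags payloads whose first bytes look like an executable, an archive, or a script. The header and footer GUIDs and the 36-byte object header (GUID, 8-byte length, 4 unused bytes, 8 reserved bytes) are taken from the public MS-ONESTORE file-format specification; the footer check is deliberately lenient about padding. The `.one`-like blob in the usage section is constructed inline from inert stand-in payloads (just magic bytes, not real programs).

```python
"""Find embedded attachments in a OneNote (.one) file and flag risky ones.

Defensive triage helper: OneNote stores attached files in FileDataStoreObject
structures. Locating them and looking at the payload's magic bytes tells you
whether a "Click here to view" lure hides an executable or script.
"""
import struct
from dataclasses import dataclass
from typing import List, Tuple

# FileDataStoreObject guidHeader/guidFooter from MS-ONESTORE, stored
# little-endian on disk like any Windows GUID.
GUID_HEADER = bytes.fromhex("e716e3bd65261145a4c48d4d0b7a9eac")  # {BDE316E7-2665-4511-A4C4-8D4D0B7A9EAC}
GUID_FOOTER = bytes.fromhex("22a7fb71790f0b4abb13899256426b24")  # {71FBA722-0F79-4A0B-BB13-899256426B24}
HEADER_SIZE = 16 + 8 + 4 + 8  # guidHeader, cbLength, unused, reserved


@dataclass
class EmbeddedFile:
    offset: int      # offset of the payload inside the .one blob
    size: int        # cbLength from the object header
    kind: str        # coarse classification of the payload
    risky: bool      # True if the payload could execute code when opened
    has_footer: bool # guidFooter found right after the (padded) payload


def classify(payload: bytes) -> Tuple[str, bool]:
    """Classify a payload by its leading bytes; keep it simple and explainable."""
    head = payload[:64]
    if head.startswith(b"MZ"):
        return "pe_executable", True
    if head.startswith(b"MSCF"):
        return "cab_archive", True
    if head.startswith(b"PK\x03\x04"):
        return "zip_archive", True
    if head.startswith(b"\x89PNG") or head.startswith(b"\xff\xd8\xff"):
        return "image", False
    lowered = head.lower()
    script_markers = (b"<script", b"<job", b"wscript", b"cscript",
                      b"powershell", b"cmd.exe", b"@echo", b"#!/")
    if any(marker in lowered for marker in script_markers):
        return "script", True
    return "unknown", False


def extract_embedded_files(blob: bytes) -> List[EmbeddedFile]:
    """Return every well-formed FileDataStoreObject found in the blob."""
    found: List[EmbeddedFile] = []
    pos = blob.find(GUID_HEADER)
    while pos != -1 and pos + HEADER_SIZE <= len(blob):
        (length,) = struct.unpack_from("<Q", blob, pos + 16)
        start = pos + HEADER_SIZE
        end = start + length
        if length == 0 or end > len(blob):
            # Truncated or corrupt object: step past this header and keep scanning.
            pos = blob.find(GUID_HEADER, pos + 16)
            continue
        payload = blob[start:end]
        kind, risky = classify(payload)
        # Payload is padded to an 8-byte boundary before the footer; allow that slack.
        has_footer = blob.find(GUID_FOOTER, end, end + 8 + len(GUID_FOOTER)) != -1
        found.append(EmbeddedFile(start, length, kind, risky, has_footer))
        pos = blob.find(GUID_HEADER, end)
    return found


def risky_kinds(blob: bytes) -> List[str]:
    """Convenience for a gateway rule: the kinds of payloads worth blocking."""
    return [f.kind for f in extract_embedded_files(blob) if f.risky]


def build_file_data_store_object(payload: bytes) -> bytes:
    """Build one FileDataStoreObject; used here only to construct test fixtures."""
    pad = (-len(payload)) % 8
    return (GUID_HEADER + struct.pack("<Q", len(payload)) + b"\x00" * 12
            + payload + b"\x00" * pad + GUID_FOOTER)


if __name__ == "__main__":
    # Constructed sample: a harmless image stub followed by an "MZ" stub.
    sample = (b"\x00" * 32
              + build_file_data_store_object(b"\x89PNG\r\n\x1a\n" + b"\x00" * 16)
              + build_file_data_store_object(b"MZ" + b"\x00" * 62 + b"stub")
              + b"trailing bytes")
    for item in extract_embedded_files(sample):
        print(item)
    print("risky:", risky_kinds(sample))
```

On a real file you would read the bytes from disk and feed them to `extract_embedded_files`; the `risky` flag is what a mail filter would key on, while `has_footer` is a cheap sanity check that the object is intact rather than a stray GUID match.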

The file would then be distributed in the usual way: by email. Hundreds of thousands of phishing emails are sent daily, targeting corporate endpoints, personal computers, and other devices containing sensitive personal and customer data.

Last summer, Microsoft finally stopped Office programs from running macros on files downloaded from the Internet. In this way, the company has effectively put an end to one of the most popular attack vectors among the cybercriminal community. Since then, hackers have been hard at work finding other ways to spread malware. Two methods have come to the fore: ISO file delivery (a file type that allows hackers to bypass antivirus and email security) and Notebook file delivery.

To protect against these attacks, cybersecurity researchers generally recommend plain common sense: do not download attachments or click links in emails whose content, sender address, sender name, or subject line looks even slightly suspicious.