In recent weeks, several campaigns have been detected that use OneNote attachments for distributing malware, including AsyncRat, Emotet, and QBot. If executed, the hidden executable file downloads a malicious payload from a remote server. The user is informed that they need to double-click the button, but doing so executes the hidden embedded executable file behind the button. These files are usually hidden behind design elements in the documents, such as buttons instructing users to click to view the content. OneNote is a digital note-taking application that is part of the Microsoft Office suite and it has been proving popular for malware distribution because executable files can be embedded in OneNote documents. In response, threat actors have been looking for alternative methods for malware delivery, such as OneNote files. Last year, Microsoft started blocking macros by default in Office files delivered via the Internet to make it harder for malicious actors to use macros for delivering malware. Microsoft Will Block Dangerous File Types in OneNote Documents
0 kommentar(er)
