
After Google Docs, hackers turn to Microsoft OneNote to target users with malware

23 Jan, 2023

Cyber attackers around the world are turning to alternative file attachment types to trap users with phishing and malware attacks, according to a report by Bleeping Computer. The alternative attachment types come in the form of online, open-source file attachments, and the latest type to be spotted is Microsoft OneNote files. According to the report, hackers are exploiting OneNote attachments in emails to trick users into downloading malware.

The report stated that hackers switched to OneNote, Microsoft’s online note-taking alternative to Word, after the company disabled ‘macros’ by default in email attachments. Macros, which are code snippets that execute a command when a user opens the email attachment, had long been used by attackers to get users to download malware attachments.

By using macros, hackers would store malware within Microsoft Word or Excel documents. Once a user opened the attachment, the malware would be triggered automatically. This malware, in turn, could be used for a wide range of attacks, including remote code execution, botnets, financial or identity theft, or even spyware.

In September 2021, Microsoft disabled macros by default to protect users from this kind of malware spread. This, according to reports in January last year, led to a rise in hackers using Google Docs and Sheets to spread hidden malware, and the same approach has now been extended to Microsoft’s OneNote as well.

To be sure, these are not rare hacking techniques, and according to Bleeping Computer, hackers use the pretext of shipping documents or impersonated official files to convince users to download the malware.

To prevent the spread of such malware through OneNote or any other online document tool, users are advised not to open attachments in any email unless they are fully assured of the sender and have some context for the attachment that has been shared with them.
