More Microsoft OneNote files are being hijacked to spread malware
Date:
Wed, 08 Feb 2023 11:03:22 +0000
Description:
Hackers are using Microsoft OneNote files to deliver QBot malware.
FULL STORY ======================================================================
Researchers have uncovered a new cyber campaign using Microsoft OneNote files to infect devices with the QBot malware.
A report from Sophos claims the campaign, dubbed QakNote, is currently
active, with unknown threat actors sending out phishing emails with NoteBook attachments which come with attachments of their own.
These attachments can be in pretty much any format, and in this case, they're an HTA file - an embedded HTML application.
Multi-stage attacks
If activated, the application retrieves the QBot malware payload, which the attackers can use to gain initial access to target endpoints. Later, they can use that access to deploy stage-two malware, be it infostealers, ransomware, cryptominers, or something else entirely.
To activate the attachment, the victims need to double-click a specific portion of the NoteBook file.
Threat actors would usually create a fake blurred-out report with a large "Click Here to View" button, tricking people into thinking the contents of the file were protected for privacy reasons.
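
For defenders triaging such attachments, the sketch below carves embedded files out of a OneNote blob and flags script-like content such as an HTA. It is an added example, not code from the article or from Sophos; the FileDataStoreObject GUID and layout come from Microsoft's MS-ONESTORE specification, and the marker list and sample bytes are assumptions constructed for the demo.

```python
import struct
import uuid

# FileDataStoreObject header GUID from the MS-ONESTORE specification
# (not from the article); an embedded attachment's bytes follow it.
FDSO_HEADER = uuid.UUID("BDE316E7-2665-4511-A4C4-8D4D0B7A9EAC").bytes_le
# Heuristic markers for script-capable content (assumption; extend as needed).
SCRIPT_MARKERS = (b"<hta:application", b"<script", b"vbscript", b"wscript.shell")


def carve_embedded_files(blob: bytes) -> list[bytes]:
    """Return the payload of every FileDataStoreObject found in a .one blob."""
    found, pos = [], 0
    while (pos := blob.find(FDSO_HEADER, pos)) != -1:
        # Layout: 16-byte GUID, 8-byte length, 4 unused, 8 reserved, then data.
        if pos + 36 > len(blob):
            break
        (length,) = struct.unpack_from("<Q", blob, pos + 16)
        start = pos + 36
        if length > len(blob) - start:  # corrupt or truncated length field
            pos += 16
            continue
        found.append(blob[start:start + length])
        pos = start + length
    return found


def triage(blob: bytes) -> list[dict]:
    """Flag embedded objects that look like HTA or other script content."""
    report = []
    for index, data in enumerate(carve_embedded_files(blob)):
        lowered = data[:65536].lower()
        hits = [m.decode() for m in SCRIPT_MARKERS if m in lowered]
        report.append({"index": index, "size": len(data), "markers": hits,
                       "suspicious": bool(hits)})
    return report


def _fdso(payload: bytes) -> bytes:
    """Build a constructed FileDataStoreObject (header plus payload) for the demo."""
    return FDSO_HEADER + struct.pack("<Q", len(payload)) + b"\x00" * 12 + payload


# Constructed sample: a PNG-like blob and a harmless HTA stub, not a real notebook.
SAMPLE = (b"\x00" * 32 + _fdso(b"\x89PNG\r\n\x1a\n" + b"\x00" * 20) + b"\x00" * 8
          + _fdso(b"<html><HTA:APPLICATION ID='x'/><script>/* benign */</script></html>"))

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(row)
```

A hit only means the notebook carries script-capable content and deserves sandboxing or quarantine; a clean result is not proof the file is safe.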
Microsoft OneNote has emerged as one of the more popular threat vectors, following the demise of Office macros. In 2022, Microsoft made it impossible to run macros in Office files downloaded from the internet, effectively putting a stop to one of the most popular attack vectors in existence. Since then, threat actors have been looking for alternatives, and so far, two methods are growing increasingly popular.
OneNote files with malicious attachments are one of the methods, with the second one being shortcut files (.LNK) used to side-load malicious .DLLs.
In the second method, the attackers would send an archive folder containing a malicious .DLL file, a legitimate app such as the Windows Calculator, and a shortcut file whose icon was changed to something else (for example, a .PDF file). If the victim clicks the shortcut file, they would run the
application, which would trigger the malicious .DLL file.
Whichever method the attackers go for, they all have one thing in common: there needs to be action from the victim, as they need to be the ones to actually run the malicious code. That being said, the best way to stay safe
is to use common sense and be careful when running files downloaded via
email.
Via: BleepingComputer
======================================================================
Link to news story:
https://www.techradar.com/news/more-microsoft-onenote-files-are-being-hijacked-to-spread-malware
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)