Threat Actors Exploit Microsoft OneNote for Malware Delivery via Phishing Attacks
Threat Actors Exploit Microsoft OneNote for Malware Delivery via Phishing Attacks
Threat Level
Attack Report
Follow Hive Pro for a detailed threat advisory, download the pdf file here from HiveForce Labs.
Summary
Cybercriminals are using Microsoft OneNote’s ability to embed files to deliver malware to users via social engineering techniques. OneNote allows users to organize information and insert files such as images, documents, and executables. However, attackers can steal data or install ransomware on their systems once users click on the embedded code. A recent campaign involved a malicious OneNote document-delivering Formbook, and there has been a notable spike in emails utilizing malicious OneNote attachments with notorious malware strains also shifting to this delivery mechanism.