Threat Actors Exploit Microsoft OneNote for Malware Delivery via Phishing Attacks

Threat Advisories

Threat Actors Exploit Microsoft OneNote for Malware Delivery via Phishing Attacks

Threat Level
Attack Report

Follow Hive Pro for a detailed threat advisory, download the pdf file here from HiveForce Labs.

Summary

Cybercriminals are using Microsoft OneNote’s ability to embed files to deliver malware to users via social engineering techniques. OneNote allows users to organize information and insert files such as images, documents, and executables. However, attackers can steal data or install ransomware on their systems once users click on the embedded code. A recent campaign involved a malicious OneNote document-delivering Formbook, and there has been a notable spike in emails utilizing malicious OneNote attachments with notorious malware strains also shifting to this delivery mechanism.