Threat actors are always looking for ways to get malware onto systems, and their ingenuity often seems endless. In this case, attackers were caught trying to spread malware via Microsoft OneNote files attached to phishing emails.
It has been known for years that attackers use Microsoft Office files, especially Word and Excel attachments, to spread malware. Last July, Microsoft finally took action by disabling macros in Office documents by default, which made them an unreliable way to infect unsuspecting recipients.
Attackers then switched to ISO images and ZIP files, exploiting bugs in Windows and 7-Zip. Now that these security holes have been fixed, OneNote attachments appear to be becoming the weapon of choice.
According to Bleeping Computer, various phishing emails pose as shipping notices, invoices, mechanical drawings, and other such innocuous files. However, OneNote does not support macros, so attackers had to devise a different way to get files onto the machine in order to install malware.
They do so by abusing OneNote's ability to let users add attachments to their notebooks. The attached OneNote files appear blurry and show a large button that says "Double Click to View File". However, double-clicking this button executes the embedded attachment, which is a malicious Visual Basic Script (VBS) file. This VBS can download malware from a remote site and install it on your machine.
OneNote warns about the dangers of opening files from unknown sources, but the warning is only effective if the user actually pays attention. Also, once activated, the VBS file downloads and displays a decoy OneNote document, so the user is none the wiser about what just happened.
Bleeping Computer discovered that this file installs a remote access trojan that allows attackers to access your device and steal all sorts of things: files, stored passwords, crypto wallets, webcam footage, and more.
The best way to protect yourself from this type of attack is to not open files from people you don't actually know, especially OneNote files. On top of that, if you do open an unknown file, you need to heed the warnings that pop up for your own safety.
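
Because the attack relies on a file attached inside the notebook, a mail gateway or analyst can check a .one file for embedded script content before anyone opens it. The following is an added example, not code from Bleeping Computer or this article: the storage layout and GUID come from Microsoft's MS-ONESTORE specification, while the marker list, function names and sample data are assumptions of this example.

```python
import struct
import uuid

# FileDataStoreObject header GUID from Microsoft's MS-ONESTORE specification
# (not from the article): each embedded attachment follows this marker.
HEADER = uuid.UUID("BDE316E7-2665-4511-A4C4-8D4D0B7A9EAC").bytes_le

# Heuristic markers chosen for this example; tune them for your environment.
MARKERS = {
    "vbscript": (b"createobject(", b"wscript.", b"on error resume next"),
    "hta/html script": (b"<hta:application", b"<script"),
    "batch/powershell": (b"@echo off", b"powershell"),
}

def embedded_files(data: bytes):
    """Yield the raw bytes of each attachment embedded in a .one file."""
    pos = data.find(HEADER)
    while pos != -1 and pos + 36 <= len(data):
        # Layout: GUID(16) | cbLength uint64 LE (8) | unused(4) | reserved(8) | data
        (length,) = struct.unpack_from("<Q", data, pos + 16)
        if length <= len(data) - (pos + 36):
            yield data[pos + 36 : pos + 36 + length]
            pos = data.find(HEADER, pos + 36 + length)
        else:  # truncated file or bogus length: skip this marker, keep scanning
            pos = data.find(HEADER, pos + 16)

def classify(blob: bytes) -> str:
    """Label a blob; NUL bytes are dropped so UTF-16 scripts match too."""
    if blob[:2] == b"MZ":
        return "windows executable"
    text = blob[:8192].replace(b"\x00", b"").lower()
    for label, needles in MARKERS.items():
        if any(n in text for n in needles):
            return label
    return "no script marker"

def triage(data: bytes):
    """Return (size, label) for every embedded attachment, in file order."""
    return [(len(b), classify(b)) for b in embedded_files(data)]

def build_sample() -> bytes:
    """Constructed test input: a fake notebook holding a UTF-16 VBS and a PNG stub."""
    def wrap(payload):
        return HEADER + struct.pack("<Q", len(payload)) + b"\x00" * 12 + payload
    vbs = 'Set sh = CreateObject("WScript.Shell")'.encode("utf-16-le")
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
    return b"constructed-not-a-real-notebook" + wrap(vbs) + b"\x00" * 4 + wrap(png)

if __name__ == "__main__":
    print(triage(build_sample()))
```

A "no script marker" result only means none of the listed heuristics matched; it is not a verdict that the attachment is safe.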