Beware: Microsoft OneNote’s attachments might spread malware to your PC

Kevin Okemwa

Microsoft OneNote

Hackers are constantly devising new ways to breach and access sensitive data belonging to unsuspecting users. Even with tools like Microsoft Authenticator, and with the company blocking VBA macros in Office by default, attackers are still finding ways to bypass the measures put in place to protect users.

And now, it seems that attackers have found a new way to trick users via the Microsoft OneNote app. As you might already be aware, hackers often use malicious macro code to compromise a system, but ever since Microsoft began blocking VBA macros in Office, they have been masking them as legitimate documents. This way, users lower their guard and enable macros in a bid to enhance accessibility, thus exposing themselves to attack.

As seen in a report by BleepingComputer, the attackers are now sending out phishing emails that purport to contain remittance forms, DHL invoices, shipping documents, and more. But rather than using macros, which are not supported and are therefore difficult to deliver through Microsoft OneNote, they are now attaching files inside notebooks. Here’s an example of such an instance:


Upon double-clicking the attachment, Microsoft will notify you that opening the attachment might harm your PC or allow unauthorized users to access your data.

OneNote attachment security warning

However, if you choose to ignore this message, double-click the malicious VBS files attached in the OneNote notebook, and download them, you will be susceptible to attacks.

These documents feature images that contain either the “Double click to view file” or the “View Document” text, which are in place to prompt the user to open them. By doing so, users unknowingly download and install the malware onto their PCs from a remote server.

Malicious OneNote email attachment

Behind the documents masked as actual files in the OneNote notebook is a malicious batch file that executes in the background and brings in malware such as the Quasar remote access trojan, AsyncRAT, and more, which will compromise your PC’s security. Once they gain access to your data, attackers will be able to access saved passwords and secretly record video using the device’s webcam, among other capabilities.

To protect yourself against such attacks, be wary of opening attachments from unknown sources, and ensure you have an antivirus installed on your device.
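For anyone screening inbound mail, the embedded scripts described above can be spotted without opening the notebook. The following is an added example, not code from this article or from BleepingComputer: it scans the raw bytes of a `.one` file for embedded-file records, using the header GUID and field layout from Microsoft's public MS-ONESTORE specification, and flags the ones that look like VBS or batch scripts. The function names, the marker list and the sample bytes are assumptions constructed for illustration.

```python
import struct
import uuid

# FileDataStoreObject header GUID from the public MS-ONESTORE specification
# (not from the article); OneNote stores each embedded file behind it.
FDSO_HEADER = uuid.UUID("BDE316E7-2665-4511-A4C4-8D4D0B7A9EAC").bytes_le
PREFIX_LEN = 16 + 8 + 4 + 8  # guidHeader, cbLength, unused, reserved

# Content markers for the script types the article names (VBS, batch).
# A constructed starter list, not a complete signature set.
SCRIPT_MARKERS = {
    "vbs": (b"createobject(", b"wscript."),
    "batch": (b"@echo off", b"cmd /c", b"powershell"),
}

def embedded_files(blob):
    """Yield (offset, data) for each embedded-file record found in the bytes."""
    pos = blob.find(FDSO_HEADER)
    while pos != -1:
        start = pos + PREFIX_LEN
        if start <= len(blob):
            (length,) = struct.unpack_from("<Q", blob, pos + 16)
            # A length running past end of file is a false match or truncation.
            if length <= len(blob) - start:
                yield pos, blob[start:start + length]
        pos = blob.find(FDSO_HEADER, pos + 16)

def classify(data):
    """Return 'vbs', 'batch' or None from markers near the start of the data."""
    # Scripts may be stored as UTF-16; drop NULs so ASCII markers still match.
    head = data[:4096].lower().replace(b"\x00", b"")
    for kind, markers in SCRIPT_MARKERS.items():
        if any(m in head for m in markers):
            return kind
    return None

def triage(blob):
    """List (offset, size, kind) for embedded files that look like scripts."""
    found = ((off, len(d), classify(d)) for off, d in embedded_files(blob))
    return [hit for hit in found if hit[2]]

def _wrap(payload):
    # Builds one constructed embedded-file record for the sample below.
    return FDSO_HEADER + struct.pack("<QIQ", len(payload), 0, 0) + payload

# Constructed sample (not a real notebook): an image record and a batch record.
SAMPLE = (b"\x00" * 32 + _wrap(b"\x89PNG\r\n\x1a\n" + b"\x00" * 20)
          + b"\xff" * 8 + _wrap(b"@echo off\r\nrem constructed placeholder\r\n"))

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A hit means the notebook carries a script-like attachment and deserves quarantine or manual review; a clean result is not proof of safety, since the markers cover only the script types named above.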

via: BleepingComputer