IT House news on January 23, according to foreign technology media BleepingComputer reports, malicious attackers use notes in OneNote to spread malicious files. The attackers send phishing emails and contain documents such as DHL invoices, remittance forms, shipping notices and documents, and mechanical drawings.
An attacker attaches a malicious VBS file to a OneNote note. Once the user double-clicks, the files automatically download and install malware from the remote site. To hide them and make OneNote documents look as legitimate as possible, an attacker overlays a double-click to view file box over these files.
This means that clicking on the box will launch a malicious file, which installs malware onto the device. Although OneNote warns users that opening attachments can harm their computers and data, many users may ignore the warning and click OK.
IT House learned that malicious OneNote documents often install remote access Trojans that can steal sensitive information and cryptocurrency wallets. The attackers can even use the victim's webcam to take screenshots and record videos.