The usage of Microsoft OneNote paperwork to distribute malware to unsuspecting customers is choosing up tempo, cybersecurity researchers from Proofpoint have claimed.

OneNote is Microsoft’s digital note-taking app, which comes as a part of the Workplace productiveness suite. As such, cybercriminals can assume that the majority of their victims have already got the app put in on their endpoints. 

OneNote’s recordsdata, known as NoteBooks, permit customers so as to add attachments, which might obtain malware from distant places. All customers must do is double-click the file, which they are often simply tricked into doing. Latest studies noticed hackers distribute blurred NoteBooks with the message “double-click to view the contents”, tricking victims into believing the file’s contents are being protected. 

Low detection charges

In an in depth report printed on the corporate weblog earlier this week, Proofpoint’s researchers stated they recognized six campaigns in December 2022, utilizing OneNote to ship the AsyncRAT malware.

A month later, in January 2023, they found greater than 50 campaigns. Moreover AsyncRAT, the crooks had been delivering Redline Stealer, AgentTesla, and DOUBLEBACK. Extra lately, the risk actor often called TA577 used it to ship Qbot. 

Proofpoint’s researchers consider hackers turning to OneNote is actually the results of intensive analysis. After experimenting with totally different attachment sorts, they settled on OneNote as up to now, the detection charges are minimal.

At press time, Proofpoint says that “a number of” malware samples weren’t getting detected by antivirus distributors on VirusTotal. 

The easiest way to guard in opposition to these assaults is similar because it at all times was – educate your workers to not obtain attachments and click on on e mail hyperlinks from individuals they don’t know, don’t belief, or whose identification can’t be confirmed. Additionally, they need to be educated to not ignore warning messages prompted in applications comparable to Phrase, Excel, or OneNote. Apart from that, having a robust antivirus answer, and a firewall, is welcome. 

Lastly, activating multi-factor authentication (MFA) wherever doable significantly reduces the possibilities of extra critical compromise. 

• This is our tackle the perfect ransomware safety companies round