Hackers have found a brand new strategy to bypass the macro block in Microsoft Workplace recordsdata and nonetheless ship malware (opens in new tab) to unsuspecting victims via the corporate’s go well with of on-line collaboration apps. 

Safety consultants at BleepingComputer discovered freshly distributed phishing emails outfitted with OneNote attachments. 

OneNote is a digital notetaking app, which individuals can use to create a sharable content material library. It comes as a part of the broader Microsoft Workplace suite, which means if individuals have this put in, they’ll open OneNote recordsdata, too. Whereas OneNote’s recordsdata, known as NoteBooks, don’t assist macros, they do assist attachments, and that’s what the crooks are actually leveraging.

TechRadar Professional wants you! (opens in new tab) We wish to construct a greater web site for our readers, and we’d like your assist! You are able to do your bit by filling out our survey (opens in new tab) and telling us your opinions and views in regards to the tech business in 2023. It can solely take a couple of minutes and all of your solutions will probably be nameless and confidential. Thanks once more for serving to us make TechRadar Professional even higher.

D. Athow, Managing Editor

Malicious VBS recordsdata

The phishing emails themselves are nothing out of the bizarre – they embody pretend DHL parcel notifications, pretend invoices, pretend transport notifications, ACH remittance types, and such. As a substitute of carrying a Phrase or Excel file hooked up, they carry a OneNote file which, if opened, appears to be blurred out, with an enormous button within the center saying “Double Click on to View File”.

Double-clicking, nevertheless, runs the attachment which, on this case, is a malicious VBS file. 

This file then initiates communication with the command & management (C2) server and downloads the malware. 

BleepingComputer obtained a few these emails and decided that a number of distant entry trojans and infostealers are being circulated, together with the AsyncRAT and XWorm distant entry trojans, in addition to the Quasar Distant Entry trojan.

The easiest way to guard in opposition to these assaults is identical because it at all times was – educate your workers to not obtain attachments and click on on e mail hyperlinks from individuals they don’t know, don’t belief, or whose identification can’t be confirmed. Additionally, they need to be educated to not ignore warning messages prompted in applications similar to Phrase, Excel, or OneNote. Apart from that, having a robust antivirus resolution, and a firewall, is welcome. 

Lastly, activating multi-factor authentication (MFA) wherever attainable significantly reduces the possibilities of extra severe compromise. 

• Here is our checklist of the very best endpoint safety (opens in new tab) software program

By way of: BleepingComputer (opens in new tab)