Microsoft OneNote is being fixed after surge in malware

Unlocked padlock on a computer keyboard
(Image credit: Unsplash / Fly:D)

Microsoft is adding extra protection to OneNote, one of the many productivity tools included with Microsoft 365, after hackers started abusing it to deliver malware en masse. 

According to a new roadmap entry for Microsoft 365, spotted recently by BleepingComputer, OneNote will display an extra warning notification when a user tries to run a high-risk file.

In the “Microsoft OneNote: improved protection against known high risk phishing file types” article, the company said the change should be live by the end of April this year.

Protecting your business from the biggest threats online

Protecting your business from the biggest threats online
Perimeter 81's Malware Protection intercepts threats at the delivery stage to prevent known malware, polymorphic attacks, zero-day exploits, and more. Let your people use the web freely without risking data and network security.

Preferred partner (What does this mean?) 

Alternatives to weaponized macros

"We add enhanced protection when users open or download an embedded file in OneNote," Microsoft said in the advisory. "Users will receive a notification when the files deem dangerous to improve the file protection experience in OneNote on Windows."

Hackers turned to OneNote after Microsoft blocked Excel from running macros in files downloaded from the internet. Macros were one of the most popular attack vectors for threat actors, but ever since the Redmond giant made the change, threat actors have been experimenting with a number of alternatives.

One that has been catching on is the distribution of OneNote files with attachments, which, like macros, can be manipulated to download and run malicious files hosted on third parties. 

To make sure victims activate the attachments, the hackers would create a file that looks blurred, with a huge overlaid button saying “click here to view” or something similar. The explanation behind this approach is that the file is “protected”.

Using OneNote to deliver malware started grabbing cybersecurity pros’ attention in December last year, BleepingComputer reported, citing a Trustwave report. 

Besides OneNote files, hackers have also been distributing shortcut files (.LNK), as these could come with pretty much any icon (for example, an icon of a .PDF file) and are not inherently malicious. 

Via: BleepingComputer

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.