According to foreign tech media outlet BleepingComputer, a malicious attacker has used notes in OneNote to spread malicious files. The attackers send phishing emails and include documents such as DHL invoices, money transfer forms, shipping notices and documents, and mechanical drawings.
The attacker attaches malicious VBS files to OneNote notes. Once the user double-clicks on them, the files automatically download and install malware from a remote site. In order to hide them and make the OneNote document look as legitimate as possible, the attackers overlay a “double-click to view file” box on top of these files.
This means that clicking on the box will launch a malicious file, which will install malware onto the device. Although OneNote warns users that opening the attachment could damage their computer and data, many users may ignore the warning and click “OK”.
Malicious OneNote documents often install remote access Trojans that can steal sensitive information and cryptocurrency wallets. Attackers can even use the victim’s webcam to take screenshots and record videos.
