Microsoft has announced a slew of protective updates after reports that bad actors were using its OneNote program to launch phishing attacks.
The updates, which will be applied to the tech giant’s cloud-based collection of productivity software, Microsoft 365, will add protective measures to the program, such as warning users when a file could be dangerous.
Cyber criminals have been using OneNote documents with ‘.one’ file extensions that contain embedded malicious files to launch phishing attacks.
Users would be presented with overlays asking them to click to view the document, which would then run the malicious program.
The malware launched has been reported to record video using the victim’s webcam and take screenshots of a user’s screen, meaning financial, personal, and other data is at risk. In some cases, the malicious files are able to install remote access Trojans.
“From what we have seen, any files can be easily embedded in OneNote,” said Bernard Bautista, a researcher from Trustwave SpiderLabs.
“Together with tricky social engineering techniques, threat actors can successfully take control of a target’s system and steal sensitive data.
“Furthermore, OneNote documents do not include ‘Protected View’ and Mark-of-the-Web (MOTW) protection, increasing the risk of exposure to potentially malicious files and making it attractive to cyber criminals.”
Microsoft added a new entry to its Microsoft 365 road map titled “Microsoft OneNote: improved protection against known high-risk phishing file types,” which revealed the new updates.
Now, when a file seems dangerous or suspicious, OneNote users will receive a notification warning them to avoid opening the file.
While the new update does provide an extra layer of security, users can and often do ignore such warnings. As is usually the case, the best way to avoid becoming a victim is to learn good security practices, such as not opening suspicious emails or downloading unknown attachments, and keeping security software up to date at all times.
Prior to OneNote, hackers were leveraging Microsoft’s Word and Excel programs. This was quickly patched by Microsoft, causing bad actors to make the move to OneNote.