Threat Awareness - Use of Microsoft OneNote to Spread Malicious Payloads Rising

Created: Thursday, February 9, 2023 - 13:58
Categories: Cybersecurity

SC Magazine has written an article covering the rise of a new malware trend: using Microsoft’s OneNote to distribute payloads. Researchers from both Proofpoint and Sophos have observed various threat actors executing campaigns that deliver malware through OneNote attachments, likely as part of criminals’ continued attempts to test out new methods of bypassing threat detection software. While smaller actors have been observed using this tactic since December 2022, its adoption by the group behind QakBot marks the beginning of its use in “a much more automated, streamlined fashion.” Members should consider increased scrutiny of OneNote files, to the point of blocking the application if it is not used on the organization’s network. Read more at SC Magazine.

Additional WaterISAC Reporting on the OneNote infection vector and/or Qakbot/Qbot: