Microsoft is adding extra protection to OneNote, one of the many productivity tools included with Microsoft 365, after hackers started exploiting it to deliver malware en masse.
According to a new Microsoft 365 roadmap entry recently spotted by BleepingComputer, OneNote will display an additional warning notification when a user tries to run a risky file.
In the article “Microsoft OneNote: Enhanced protection against known high-risk phishing file types,” the company said the change should be live by the end of April this year.
Alternatives to weaponized macros
“We are adding enhanced protection when users open or download an embedded file in OneNote,” Microsoft said in the advisory. “Users will be notified when the files are deemed dangerous to improve file security in OneNote on Windows.”
Hackers turned to OneNote after Microsoft blocked Excel from running macros in files downloaded from the Internet. Macros used to be one of the most popular attack vectors for threat actors, but since the Redmond giant made the change, threat actors have been experimenting with a number of alternatives.
One that is catching on is the distribution of OneNote files with embedded attachments, which, like macros, can be abused to download and execute malicious files hosted by third parties.
To get victims to activate the attachments, the hackers would create a file that looks blurry, with a huge button overlay that says “click here to view” or something similar. The pretext for this approach is that the file is “secure”.
The use of OneNote to deliver malware began to catch the attention of cybersecurity professionals last December, BleepingComputer reported, citing a Trustwave report.
In addition to OneNote files, hackers also distribute shortcut (.LNK) files, as they can have virtually any icon (for example, an icon of a .PDF file) and are not inherently malicious.
Via: BleepingComputer