San Francisco: Hackers are now spreading malware using Microsoft OneNote attachments in phishing emails, infecting victims using remote access malware that can be used to install additional malware, steal passwords, or even cryptocurrency wallets.
For years, attackers have distributed malware in emails via malicious Word and Excel attachments that launch macros to download and install malware, reports Bleeping Computer. However, in July last year, Microsoft disabled macros by default in Office documents, rendering this method untrustworthy for malware distribution.
Threat actors then quickly began using new file formats, such as ISO images and password-protected ZIP files, said the report. These file formats quickly gained popularity, aided by a Windows bug that allowed ISOs to bypass security warnings and the popular 7-Zip (a free and open-source file archiver) utility’s failure to propagate mark-of-the-web flags to files extracted from ZIP archives.
However, these bugs were fixed by both 7-Zip and Windows recently, preventing users from opening files in downloaded ISO and ZIP files without scary security warnings, the report added. Microsoft OneNote is a free desktop digital notebook application that comes with Microsoft Office 2019 and Microsoft 365. Meanwhile, the tech giant banned cryptocurrency mining from its online services to protect all of its cloud customers, media reports said.
“Cryptocurrency mining can disrupt or even impair Online Services and its users, and is often associated with unauthorised access to and use of customer accounts,” Microsoft told The Register. “We made this change to further protect our customers and mitigate the risk of disrupting or impairing services in the Microsoft Cloud,” it added.