Careful when using OneNote, cybercriminals might target you


Key notes

  • Microsoft's OneNote might seem harmless at first sight, but hackers are one step ahead of you.
  • Since macros don't work here as they do in Word or Excel, cybercriminals had to get more inventive.
  • Thus, files received and opened through the app might end up being a highly costly mistake.

There’s no denying the fact that, for the longest time, cybercriminals have been exploiting the macro feature in Office applications like Word and Excel to infect unsuspecting users’ PCs with malware.

If you don’t know how this works, malicious third parties typically do this by injecting malicious macro code into a legitimate Word or Excel document, then convincing users to enable macros to allegedly display the file properly.

The Redmond tech company is aware of this behavior, so it eventually blocked macros in Office documents by default.

That being said, cybercriminals are now using another app to trick users into infecting their own PCs with malware, which is the digital note-taking app OneNote.

Opening shady OneNote messages could be a costly mistake

According to recent reports, witty cybercriminals have been found sending phishing emails that purportedly contain DHL invoices, remittance forms, shipping notifications and documents, and mechanical drawings.

Thus, instead of using macros, which OneNote does not support and which would alert everyone, cybercriminals are exploiting OneNote’s ability to attach files within a notebook.

Their goal is achieved by attaching malicious VBS files to a OneNote notebook. And, when double-clicked, these files automatically download and install malware from a remote site.

In order to further conceal them and make the OneNote document look as legitimate as possible, threat actors overlay a “Double click to view file” box over them.

This is pretty enticing for your average user, and clicking on the box will launch the malicious files, which will install malware onto the device.

Source: BleepingComputer

Note that OneNote will warn users that opening attachments could harm the user’s computer and data, but many users might just ignore the warning and click the OK button anyway.

After downloading, a decoy OneNote document opens that looks like the document you expected.

Don’t get fooled, however, as the VBS file will also execute a malicious batch file in the background to install malware on the device.

Reports also indicate that the OneNote files install remote access trojans that include information-stealing functionality.
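For defenders who want to check a suspicious .one attachment without opening it in OneNote, here is an added triage sketch (not from the original article or from Microsoft) that carves attached files out of the raw notebook bytes and flags script-like content. It relies on the FileDataStoreObject layout from Microsoft's [MS-ONESTORE] specification; the function names, the marker list and the sample bytes are assumptions made for this example.

```python
import struct
import uuid

# Header GUID of a FileDataStoreObject, the [MS-ONESTORE] structure that
# wraps each file attached to a OneNote section (.one) file.
HEADER = uuid.UUID("BDE316E7-2665-4511-A4C4-8D4D0B7A9EAC").bytes_le
# Assumed, illustrative markers of script content; tune for your environment.
SCRIPT_MARKERS = (b"createobject", b"wscript", b"powershell", b"cmd /c", b"@echo off")
IMAGE_MAGICS = (b"\x89PNG", b"\xff\xd8\xff", b"GIF8")


def embedded_files(data: bytes):
    """Yield (offset, payload) for every attachment carved from raw .one bytes."""
    pos = data.find(HEADER)
    while pos != -1:
        # Layout: GUID (16) | cbLength (8, LE) | unused (4) | reserved (8) | data
        start = pos + 36
        if start <= len(data):
            (length,) = struct.unpack_from("<Q", data, pos + 16)
            if length <= len(data) - start:
                yield pos, data[start:start + length]
                pos = data.find(HEADER, start + length)
                continue
        pos = data.find(HEADER, pos + 16)  # corrupt or truncated entry: resync


def classify(payload: bytes) -> str:
    if payload.startswith(IMAGE_MAGICS):
        return "image"  # a picture stored in the notebook
    # Scripts may be ASCII or UTF-16LE; dropping NULs lets both match.
    text = payload.replace(b"\x00", b"").lower()
    return "script" if any(m in text for m in SCRIPT_MARKERS) else "other"


def triage(data: bytes):
    """Return [(offset, size, kind)] for each attachment in the notebook."""
    return [(off, len(p), classify(p)) for off, p in embedded_files(data)]


def _blob(payload: bytes) -> bytes:
    # Constructed FileDataStoreObject for the demo (footer GUID omitted).
    return HEADER + struct.pack("<QIQ", len(payload), 0, 0) + payload


# Constructed sample: an image plus a harmless one-line VBS stub.
SAMPLE = (b"\x00" * 32 + _blob(b"\x89PNG\r\n\x1a\n" + b"\x00" * 8)
          + b"\x00" * 8 + _blob(b'Set s = CreateObject("WScript.Shell")\r\n'))

if __name__ == "__main__":
    for offset, size, kind in triage(SAMPLE):
        print(f"offset={offset} size={size} kind={kind}")
```

A notebook that arrives by email and contains any attachment classified as "script" is a good candidate for quarantine and closer analysis.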

A lot of security experts also took to Twitter and other social media platforms to warn unsuspecting users about these dangers lurking in plain files.

You aren’t new to the internet, so you know that malicious third parties also commonly use remote access trojans to steal cryptocurrency wallets from victims’ devices.

If you are looking for the best way to protect yourself from malicious attachments, simply do not open files from people you do not know.

On the off chance you already have mistakenly opened a file, do not disregard warnings displayed by the operating system or application.
