Word and Excel used to be hackers’ favorite apps for distributing malicious software to hoodwinked victims who were baited into downloading email attachments, but Microsoft eventually blocked the exploit in July. So what now?
According to BleepingComputer, threat actors are using another Office platform: OneNote. Hackers are using the productivity app to remotely control victims’ PCs, allowing them to install more malware, breach cryptocurrency wallets, steal passwords — and even take screenshots and access your webcam.
How hackers are using OneNote to wreak havoc on PCs
On the plus side, in order to be a victim of a OneNote-propelled attack, you’d need to fall for a phishing email campaign. And we’d hope that the egregious spelling errors, suspicious-looking email address, and poor mimicking of an official company would deter you from falling for it, but alas, hackers seem to snag a few victims in their web nonetheless.
During BleepingComputer’s investigation, it found that cybercriminals masked their ill-intentioned, malware-infested emails as official DHL correspondence. The emails attempted to fool recipients into thinking they were getting DHL invoices, ACH remittance forms, shipping documents, notifications, and more.
Once a victim clicks on the OneNote attachment, the information is blurred. There’s an overlay that says, “Double Click to View File.” If the quarry follows the instruction, chaos ensues.
“Threat actors are […] attaching malicious VBS attachments that automatically launch the script when double-clicked to download malware from a remote site and install it,” BleepingComputer said.
Remote-access trojans will then take over the computer, allowing hackers to steal victims’ files, breach cryptocurrency wallets, and snatch browser passwords. In some cases, cybercriminals can even take screenshots and take control of users’ webcams.
How to protect yourself
Good news! If you attempt to download a malicious attachment, according to BleepingComputer, you should get a warning from Windows informing you that the document may be harmful. However, users often ignore this pop-up message and download it anyway — don’t be that person.
But you shouldn’t get that far, really, because you should refrain from opening emails and attachments from unknown sources. Plus, phishing emails are typically easy to spot. As mentioned, poor grammar, spelling errors, waywardly placed logos, and other fishy elements should make spotting malicious emails a piece of cake.