Microsoft adds extra protection to OneNote, one of the many productivity tools included in Microsoft 365, after hackers began to abuse it to deliver malware (opens in a new tab) en masse.
According to a new roadmap entry for Microsoft 365 spotted recently by BleepingComputer, OneNote will display an additional warning notification when a user tries to run a high-risk file.
In the article “Microsoft OneNote: Improved protection against known high-risk phishing file types”, the company said the change should be implemented by the end of April this year.
Alternatives to armed macros
“We’re adding enhanced protection when users open or download an embedded file in OneNote,” Microsoft said in an advisory. “Users will receive a notification when files are deemed unsafe to improve file protection in OneNote on Windows.”
Hackers turned to OneNote after Microsoft blocked Excel from running macros in files downloaded from the Internet. Macros used to be one of the most popular attack vectors for cybercriminals, but since the Redmond giant made this change, cybercriminals have been experimenting with many alternatives.
One is the distribution of OneNote files with attachments that, like macros, can be manipulated to download and run malicious files hosted on third parties.
To ensure that victims activate the attachments, the hackers have created a file that looks blurry with a huge superimposed button that says “click here to view” or something similar. The explanation of this approach is that the file is “protected”.
As reported by BleepingComputer, citing a Trustwave report, the use of OneNote to deliver malware began attracting the attention of cybersecurity professionals last December.
In addition to OneNote files, hackers also distribute shortcut (.LNK) files because they can contain virtually any icon (for example, a .PDF file icon) and are not inherently malicious.
By: Beeping Computer (opens in a new tab)