With Microsoft Authentication and Microsoft blocking VBA macros in Office by default, hackers are constantly in pursuit of new solutions to breach and access sensitive user data.
Apparently now, hackers have found a new way to spread malware to inexperienced users using the Microsoft OneNote app. Considering Microsoft has placed the VBA block on macros in Office, hackers are now trying to mask its malware as legitimate documents. In this way, inexperienced users could lower their security and enable macros trying to enhance accessibility and thus exposing them to threats.
According to the Bleeping Computer report, the hackers are now sending phishing emails containing DHL invoices, shipping documents, remittance forms, etc.
Once a user double-clicks on the attachment, Windows will warn the user that opening the attachment could harm the PC and its data. If a user chooses to ignore this message and opens the attached file, malicious VBS found in the OneNote notebook will be downloaded to the PC.
Once the OneNote file has been opened, the user will get another prompt to Double Click to View File. Upon execution of this request, things start to get ugly because at that point malicious batch file is being executed in the background which will compromise PC’s security. Once attackers gain access to your machine they will be able to access saved passwords and other sensitive data.
To stay safe, please refrain from opening emails and attachments from unknown senders.