BleepingComputer reports that Microsoft OneNote attachments are being leveraged in phishing emails aimed at deploying remote access trojans for secondary malware deployment, as well as password and cryptocurrency theft.
Threat actors behind the scheme have been sending emails purporting to be DHL shipping notifications, ACH remittance forms, invoices, shipping documents, and mechanical drawings.
With OneNote not supporting macros, attackers have been exploiting the tool to facilitate the inclusion of malicious VBS attachments, according to BleepingComputer. While OneNote warns users that opening attachments may harm their computer and data, the advice is commonly ignored, and clicking the "OK" button would trigger the execution of a VBS script that enables malware download and execution.
BleepingComputer has observed that malspam emails sent using the attack technique result in the installation of RATs. Both the AsyncRAT and XWorm RATs were observed by cybersecurity researcher James to have been installed by the OneNote attachments he examined.
The aviation equivalent of ASCII art, a memory safety issue in OpenSSH that might not be terrible, a format string in F5 that might be terrible, a new MITRE framework for supply chain security, programming languages and secure code
Confused about exactly what “automation” means in the world of application scanning tools? You’re not alone. From executing automatic security checks to scheduling when scans are launched, here’s a breakdown of the many ways automation enables more effective software security.