Photo : iStock
Microsoft OneNote attachments are now being used to spread malware by hackers. These attachments in phishing emails infect victims using remote access malware that can be used to install malware or steal passwords.
For years, attackers have distributed malware in emails via malicious Word and Excel attachments that launch macros to download and install malware, reports Bleeping Computer.
However, in July last year, Microsoft disabled macros by default in Office documents, rendering this method untrustworthy for malware distribution.
- Hackers started using new file formats such as ISO images and password-protected
ZIP files. - These file formats quickly gained popularity, aided by a Windows bug that allowed ISOs to bypass security warnings
- The popular 7-Zip utility’s failure to propagate mark-of-the-web flags to files extracted from ZIP archives.
- These bugs were fixed by both 7-Zip and Windows recently
- The new update preventing users from opening files in downloaded ISO and ZIP files without scary security warnings.
- Microsoft OneNote is a free desktop digital notebook application that comes with Microsoft Office 2019 and Microsoft 365.
- Meanwhile, the tech giant banned cryptocurrency mining from its
online services to protect all of its cloud customers. - “Cryptocurrency mining can disrupt or even impair Online Services and its users, and is often associated with unauthorised access to and use of customer accounts,” Microsoft told The Register.
- “We made this change to further protect our customers and mitigate the risk of disrupting or impairing services in the Microsoft Cloud,” it added.
