Microsoft OneNote files used to distribute emotet malware


Userlevel 7
Badge +17

A new email campaign to distribute the emotet malware has been started.

Microsoft blocks macros in Office files now, so this is not an effective way to infect many users anymore.

Because of this OneNote files are attached to the mails now…

OneNote files may have design elements in a document which overlay attached files in this document. The elements are designed to make the user double-click on the design element to execute the hidden file.

The attached file is a VBscript file which downloads a DLL from a compromized site.

It is not clear at this time which workloads are exactly loaded and deployed.

 

So, be careful when receiving mails with attached OneNote files….

 

Read the whole article with more information here:

https://www.bleepingcomputer.com/news/security/emotet-malware-now-distributed-in-microsoft-onenote-files-to-evade-defenses/


4 comments

Userlevel 7
Badge +20

Yikes now via OneNote what won't they try. Thanks for the heads up.

Userlevel 7
Badge +7

Never relaxed.. :(

 

Thanks for sharing Joe!

Userlevel 1
Badge

Sharing information is the best defense.

Thanks

Userlevel 7
Badge +20

Sharing information is the best defense.

Thanks

Absolutely and why this community is so great.  Everything is not just Veeam.  😉

Comment