A new email campaign to distribute the Emotet malware has started.
Microsoft now blocks macros in Office files, so macros are no longer an effective way to infect many users.
Because of this, OneNote files are now attached to the mails instead.
A OneNote document can contain design elements that overlay files attached to the same document. The elements are designed to make the user double-click on the design element, which executes the hidden file underneath.
The attached file is a VBScript file which downloads a DLL from a compromised site.
It is not yet clear exactly which payloads are loaded and deployed.
So be careful when receiving mails with attached OneNote files.
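To triage a OneNote attachment of the kind described above, the following added example (not part of the original post) lists the file blobs embedded in a `.one` file and labels each by content. It locates blobs by the FileDataStoreObject header GUID from Microsoft's MS-ONESTORE specification; the script markers, function names and sample bytes are constructed for illustration.

```python
import struct
import uuid

# FileDataStoreObject header GUID from the MS-ONESTORE specification,
# converted to its on-disk (little-endian) byte order.
FDSO_HEADER = uuid.UUID("BDE316E7-2665-4511-A4C4-8D4D0B7A9EAC").bytes_le
# Constructed heuristic: substrings that suggest Windows script content.
SCRIPT_MARKERS = (b"createobject", b"wscript.", b"<job", b"on error resume next")

def embedded_files(data):
    """Yield (offset, payload) for every embedded file blob in a .one file."""
    pos = data.find(FDSO_HEADER)
    while pos != -1:
        # Header GUID (16) + cbLength (8) + unused (4) + reserved (8) = 36 bytes.
        if pos + 36 <= len(data):
            (length,) = struct.unpack_from("<Q", data, pos + 16)
            start = pos + 36
            if start + length <= len(data):  # skip truncated or bogus lengths
                yield pos, data[start:start + length]
        pos = data.find(FDSO_HEADER, pos + 16)

def classify(payload):
    """Rough content label based on magic bytes and script keywords."""
    head = payload[:4096].lower()
    if payload[:2] == b"MZ":
        return "executable"
    if payload[:8] == b"\x89PNG\r\n\x1a\n" or payload[:3] == b"\xff\xd8\xff":
        return "image"
    if any(marker in head for marker in SCRIPT_MARKERS):
        return "script"
    return "unknown"

def triage(data):
    """Return (offset, size, label) for each embedded blob."""
    return [(off, len(p), classify(p)) for off, p in embedded_files(data)]

def _blob(payload):
    # Constructed sample: minimal FileDataStoreObject without footer or padding.
    return FDSO_HEADER + struct.pack("<QI8x", len(payload), 0) + payload

# Constructed input: an overlay image followed by a harmless script stub.
SAMPLE = (b"\x00" * 32
          + _blob(b"\x89PNG\r\n\x1a\n" + b"\x00" * 16)
          + _blob(b'Set o = CreateObject("Placeholder.Object")\r\n'))

if __name__ == "__main__":
    for off, size, kind in triage(SAMPLE):
        print(f"offset={off} size={size} type={kind}")
```

A `.one` attachment that contains a blob labelled `script` or `executable` next to an image is consistent with the overlay trick and should be quarantined for analysis.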
Read the whole article with more information here: