Proofpoint researchers recently identified an increase in threat actor use of OneNote documents to deliver malware via email to unsuspecting end-users in December 2022 and January 2023.

With the increasing popularity of Microsoft's popular note-taking app, now contact information, customer information, and customer credit card data are more vulnerable to cyber criminals.

OneNote allows users to create highly customizable documents which can be saved as a PDF or online. Document files that are saved online are often saved directly to OneNote storage and users can share these documents with others by including them in a shared folder in the app.

These documents can also include links which point directly to malware hosted on credential theft websites. The apps potential for malware infection is worrisome given its wide use as it has become a standard tool for many to share news articles, study guides and academic materials with others.

In addition to the potential of infecting a user's machine, this tactic can also be used to send phishing emails containing hidden links and other malware-laden documents. Once clicked, the link will direct a user to an external website where they will be prompted for their login credentials which are then sent to the sender.

The increasing popularity of Microsoft's note-taking app has been recognized by cybercriminals and Proofpoint researchers expect this trend to continue throughout 2023.

‍

Source: OneNote Documents Increasingly Used to Deliver Malware - AlienVault - Open Threat Exchange