Threat Awareness – Emotet Malware Being Distributed Via Microsoft OneNote

Created: Tuesday, March 21, 2023 - 14:02
Categories: Cybersecurity

Threat actors behind the infamous Emotet malware, which re-emerged this month to infect users through their inboxes once again, are now exploiting Microsoft OneNote to distribute the malware and bypass Microsoft security restrictions, according to security researchers at Malwarebytes.

Since mid-December 2022, threat actors have been increasingly exploiting Microsoft OneNote files to deliver malware and compromise victims. A successful Emotet attack typically leads to the delivery of additional malware, including ransomware. In this specific Emotet OneNote campaign, researchers observed malicious attachments being delivered in reply-chain emails with subjects that purport to be how-to guides, invoices, job references, and other lures. If the user downloads the attachment and executes the malicious VBScript hidden underneath the "View" button, the script will ultimately download Emotet. The malware will then run quietly on the device, stealing email and contacts and awaiting further commands from the command-and-control server. To help organizations proactively defend against this activity, BleepingComputer posted comprehensive guidance on how to block malicious Microsoft OneNote files (posted below). Read more at Malwarebytes Labs or at BleepingComputer.

Additional WaterISAC Reporting on the OneNote infection vector and Emotet: