
OneNote, a popular note taking app, is a part of the Office 365 suite. This means it's very prevalent on business computers, registered to open notebooks and ready to be abused. Additionally, and unlike other Office applications, OneNote does not feature Protected View. Without Protected View, files bearing the Mark of the Web (MotW), meaning files downloaded from the Internet or extracted from some archives, don't get any extra security features.

With the discontinuation of macros, OneNote is the latest app to be abused by threat actors.

Figure 1. OneNote allows attackers to embed executable files inside notebooks.

The files themselves are executed with a double-click, after confirming a security prompt. They are distributed mostly via e-mail.

Figure 2. Prompt when executing files from OneNote.

Common e-mail providers, like Gmail and Outlook, don't block file attachments associated with OneDrive, and OneDrive notebooks with embedded executables share the same file extension as other OneDrive notebooks.

An example of a malicious document, with a social engineering aspect.
