Explorer

Microsoft OneNote Being Leveraged By Bad Actors To Spread Malware: Here’s What You Should Do

The Qakbot malware can steal information such as usernames, passwords, and cookies from Web browsers.

Threat actors are found to leverage Microsoft OneNote attachments to deploy a Formbook malware, dubbed Qakbot, among unsuspecting users. As discovered by Chicago-headquartered cybersecurity firm Trustwave, the Formbook malware is being spread via spam emails which carry OneNote attachments. 

Why OneNote?

As per a February 1 blog post by dark Web monitoring and cyberthreat intelligence firm Cyble, Trustwave first saw instances of the OneNote-administered malware in December 2022. As to why the choice of Microsoft’s digital notebook tool, Cyble suggested that using OneNote helps the bad actors avoid detection by antivirus apps, in turn increasing the chances of successful infections.

How does the malware infection work?

The process of infection is pretty straightforward. Once an unsuspecting user opens an attachment, it releases an embedded .hta file (executed by mstha.exe). This in turn leads to a Qakbot DLL file being downloaded, which is executed by rundll32.exe. 

How can Qakbot harm you?

As per Cyble, Quakbot is a “constantly evolving malware that can have serious consequences for its victims.” It can steal information such as usernames, passwords, and cookies from Web browsers. It can also steal emails. Quakbot also has the ability to spread to other devices within a network in order to deploy other malware families such as ransomware. 

Quakbot can be used to commit severe crimes such as financial fraud and identity theft, among others. 

How can you protect your PC?

For starters, you should avoid opening emails from unknown/unverified users. 

Cyble notes that downloading pirated software from unofficial sites can also lead to the spread of malware on your system. 

It is also a good idea to use strong passwords as well as multi-factor authentication as much as possible. A good antivirus app on PCs or phones is highly recommended.

Lastly, if you are an employer, it’s advised to enable data loss protection (DLP) solutions on your employees’ systems.

Top Headlines

Dreame L50s Pro Ultra Review: The Ferrari That Replaced The Rolls-Royce
Dreame L50s Pro Ultra Review: The Ferrari That Replaced The Rolls-Royce
Centre Issues Notice To Telegram, Directs Immediate Take Down Of Pirated Films, OTT Content
Centre Issues Notice To Telegram, Directs Immediate Take Down Of Pirated Films, OTT Content
Ashwini Vaishnaw Directs MeitY To Summon Meta Over Instagram Ads 'Promoting' Child Sexual Abuse Material
Meta Under Govt Scanner Over Instagram Ads 'Promoting' Child Sexual Abuse Material
WhatsApp Just Made Setting Up On An Android Tablet A Lot Simpler
WhatsApp Just Made Setting Up On An Android Tablet A Lot Simpler

Videos

BREAKING: Tehran reports show large crowds and chants during funeral coverage of Khamenei eventLIVE
Breaking: Ayodhya Ram Mandir Trust meeting agenda to review resignations amid donation theft probe reports live
BREAKING: Madhya Pradesh and Gujarat floods disrupt life as heavy rains submerge cities live today
BREAKING: Tehran mass mourning reports show chants and crowds during Khamenei farewell coverage live
Breaking: Tehran sees massive crowds and anti-US chants during reported Khamenei farewell coverage live

Photo Gallery

25°C
New Delhi
Rain: 100mm
Humidity: 97%
Wind: WNW 47km/h
See Today's Weather
powered by
Accu Weather
Embed widget