Explorer

Microsoft OneNote Being Leveraged By Bad Actors To Spread Malware: Here’s What You Should Do

The Qakbot malware can steal information such as usernames, passwords, and cookies from Web browsers.

Threat actors are found to leverage Microsoft OneNote attachments to deploy a Formbook malware, dubbed Qakbot, among unsuspecting users. As discovered by Chicago-headquartered cybersecurity firm Trustwave, the Formbook malware is being spread via spam emails which carry OneNote attachments. 

Why OneNote?

As per a February 1 blog post by dark Web monitoring and cyberthreat intelligence firm Cyble, Trustwave first saw instances of the OneNote-administered malware in December 2022. As to why the choice of Microsoft’s digital notebook tool, Cyble suggested that using OneNote helps the bad actors avoid detection by antivirus apps, in turn increasing the chances of successful infections.

How does the malware infection work?

The process of infection is pretty straightforward. Once an unsuspecting user opens an attachment, it releases an embedded .hta file (executed by mstha.exe). This in turn leads to a Qakbot DLL file being downloaded, which is executed by rundll32.exe. 

How can Qakbot harm you?

As per Cyble, Quakbot is a “constantly evolving malware that can have serious consequences for its victims.” It can steal information such as usernames, passwords, and cookies from Web browsers. It can also steal emails. Quakbot also has the ability to spread to other devices within a network in order to deploy other malware families such as ransomware. 

Quakbot can be used to commit severe crimes such as financial fraud and identity theft, among others. 

How can you protect your PC?

For starters, you should avoid opening emails from unknown/unverified users. 

Cyble notes that downloading pirated software from unofficial sites can also lead to the spread of malware on your system. 

It is also a good idea to use strong passwords as well as multi-factor authentication as much as possible. A good antivirus app on PCs or phones is highly recommended.

Lastly, if you are an employer, it’s advised to enable data loss protection (DLP) solutions on your employees’ systems.

Top Headlines

Centre Issues Notice To Meta Over WhatsApp Usernames Roll-Out, Seeks Reply In 3 Days
Centre Issues Notice To Meta Over WhatsApp Usernames Roll-Out, Seeks Reply In 3 Days
EXCLUSIVE | Asus Is Betting India's Next PC User Won't Buy A 'Regular' Laptop
Asus Is Betting India's Next PC User Won't Buy A 'Regular' Laptop
Centre To Examine WhatsApp User ID Feature Over Fraud Concerns
Centre To Examine WhatsApp User ID Feature Over Fraud Concerns
Why Smart Indian Investors Are Betting On AI, Space, And Global ETFs
From AI To SpaceX: Why Indian Investors Are Looking Beyond Domestic Markets

Videos

BREAKING: Court Recovery Records Detail Cash, Dollars and Valuables Seized in Ayodhya Temple Case
BREAKING: Exclusive Recovery Records Reveal Major Cash Haul in Ayodhya Temple Offering Theft Case
No Cap With Megha Prasad: Was the Ram Mandir Donation Scandal Suppressed on June 5?
Ram Temple Donation Theft: Biggest Misappropriation Allegedly Took Place During Maha Kumbh, Say Sources
Ram Temple Donation case: Akhilesh Yadav Says ‘Lord Ram Made Me a Medium’ to Raise the Issue

Photo Gallery

25°C
New Delhi
Rain: 100mm
Humidity: 97%
Wind: WNW 47km/h
See Today's Weather
powered by
Accu Weather
Embed widget