Microsoft OneNote Being Leveraged By Bad Actors To Spread Malware: Here’s What You Should Do

The Qakbot malware can steal information such as usernames, passwords, and cookies from Web browsers.

Threat actors have been found using Microsoft OneNote attachments to deploy a Formbook malware, dubbed Qakbot, to unsuspecting users. As discovered by Chicago-headquartered cybersecurity firm Trustwave, the Formbook malware is being spread via spam emails that carry OneNote attachments.

Why OneNote?

According to a February 1 blog post by dark Web monitoring and cyberthreat intelligence firm Cyble, Trustwave first saw instances of the OneNote-delivered malware in December 2022. As for why the attackers chose Microsoft’s digital notebook tool, Cyble suggested that using OneNote helps them avoid detection by antivirus apps, in turn increasing the chances of successful infection.

How does the malware infection work?

The process of infection is pretty straightforward. Once an unsuspecting user opens the attachment, it releases an embedded .hta file (executed by mshta.exe). This in turn leads to a Qakbot DLL file being downloaded, which is executed by rundll32.exe.
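
The process chain described above, written as a detection check over process-creation events. This is an added example, not code from the article, Trustwave or Cyble; the event fields (pid, ppid, image), the sample events and the function names are constructed, and allowing intermediate processes between mshta.exe and rundll32.exe is an assumption.

```python
from ntpath import basename  # parses Windows paths on any platform

# Constructed process-creation events (pid, parent pid, image path); not real telemetry.
SAMPLE_EVENTS = [
    {"pid": 100, "ppid": 1, "image": r"C:\Windows\explorer.exe"},
    {"pid": 200, "ppid": 100, "image": r"C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE"},
    {"pid": 210, "ppid": 200, "image": r"C:\Windows\System32\mshta.exe"},
    {"pid": 220, "ppid": 210, "image": r"C:\Windows\System32\cmd.exe"},
    {"pid": 230, "ppid": 220, "image": r"C:\Windows\System32\rundll32.exe"},
    {"pid": 300, "ppid": 100, "image": r"C:\Windows\System32\rundll32.exe"},  # no OneNote ancestry
    {"pid": 400, "ppid": 100, "image": r"C:\Windows\System32\mshta.exe"},     # mshta outside the chain
]


def _name(event):
    """Lower-cased executable name of an event's image path."""
    return basename(event["image"]).lower()


def ancestors(event, by_pid):
    """Yield parent, grandparent, ... of an event; stop on an unknown pid or a loop."""
    seen = set()
    current = by_pid.get(event["ppid"])
    while current is not None and current["pid"] not in seen:
        seen.add(current["pid"])
        yield current
        current = by_pid.get(current["ppid"])


def find_onenote_chain(events):
    """Return (pid, reason) alerts for the OneNote -> mshta.exe -> rundll32.exe chain."""
    by_pid = {e["pid"]: e for e in events}
    alerts = []
    for e in events:
        parent = by_pid.get(e["ppid"])
        lineage = [_name(a) for a in ancestors(e, by_pid)]  # nearest ancestor first
        if _name(e) == "mshta.exe" and parent and _name(parent) == "onenote.exe":
            alerts.append((e["pid"], "mshta.exe spawned by onenote.exe"))
        elif _name(e) == "rundll32.exe" and "mshta.exe" in lineage:
            # Only alert when OneNote sits further up the tree than mshta.exe.
            if "onenote.exe" in lineage[lineage.index("mshta.exe") + 1:]:
                alerts.append((e["pid"], "rundll32.exe descends from onenote.exe -> mshta.exe"))
    return alerts


if __name__ == "__main__":
    for pid, reason in find_onenote_chain(SAMPLE_EVENTS):
        print(pid, reason)
```

Real telemetry reuses process IDs over time, so a production version would key on a unique process identifier and timestamp rather than the bare pid.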

How can Qakbot harm you?

As per Cyble, Qakbot is a “constantly evolving malware that can have serious consequences for its victims.” It can steal information such as usernames, passwords, and cookies from Web browsers. It can also steal emails. Qakbot also has the ability to spread to other devices within a network in order to deploy other malware families such as ransomware.

Qakbot can be used to commit severe crimes such as financial fraud and identity theft, among others.

How can you protect your PC?

For starters, you should avoid opening emails from unknown or unverified senders.

Cyble notes that downloading pirated software from unofficial sites can also lead to the spread of malware on your system. 

It is also a good idea to use strong passwords as well as multi-factor authentication as much as possible. A good antivirus app on PCs or phones is highly recommended.

Lastly, if you are an employer, it’s advised to enable data loss protection (DLP) solutions on your employees’ systems.
