  • The notorious Emotet malware now spreads through Microsoft OneNote files

    The attackers had to change the delivery channel after the recent actions of the Redmond company.

    Emotet malware, which we reported on recently after a long hiatus, is now spreading via Microsoft OneNote email attachments in an effort to bypass Microsoft's latest security restrictions and infect more computers.

    Emotet is a well-known malicious botnet that has historically spread through Microsoft Word and Excel email attachments containing malicious macros. If a user opens such an attachment and enables macros, a malicious DLL is downloaded and executed, which installs the Emotet malware on the victim's computer.

    Once downloaded, the malware can steal contacts and emails for future spam campaigns. Emotet can also be used to install other payloads that provide initial access to the corporate network for subsequent cyberattacks.

    With Microsoft now automatically blocking macros in downloaded Word and Excel documents, including files attached to emails, the Emotet malware campaign has become far less effective. However, the attackers quickly reacted to the steps taken by Microsoft and began to distribute malware through OneNote attachments.

    The image above shows an example of such an attack. The phishing email has a Microsoft OneNote file attached. The file contains a fake message claiming that the document is protected and that, to view it correctly, the user needs to double-click the "View" button. However, just under this button, the attackers hid a malicious VBScript file called "click.wsf"; launching it executes malicious code.

    The VBScript file contains a convoluted script that downloads a DLL from a remote website and then executes it.
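
As an added example (not part of the original article): a triage script that walks a `.one` file for embedded file objects and flags those whose content looks like a script or executable, such as the "click.wsf" file described above. The two GUIDs and the 36-byte object header come from Microsoft's [MS-ONESTORE] specification; the content heuristics, function names and sample bytes are constructed for illustration.

```python
import struct
import uuid

# GUIDs defined in Microsoft's [MS-ONESTORE] spec, in on-disk byte order.
ONE_FILE_GUID = uuid.UUID("7B5C52E4-D88C-4DA7-AEB1-5378D02996D3").bytes_le
FDSO_HEADER = uuid.UUID("BDE316E7-2665-4511-A4C4-8D4D0B7A9EAC").bytes_le

def embedded_blobs(data):
    """Yield (offset, payload) for each FileDataStoreObject in a .one file."""
    pos = data.find(FDSO_HEADER)
    while pos != -1:
        start = pos + 36  # guidHeader(16) + cbLength(8) + unused(4) + reserved(8)
        if start > len(data):
            return
        (length,) = struct.unpack_from("<Q", data, pos + 16)
        if length > len(data) - start:  # bogus length: skip this match
            pos = data.find(FDSO_HEADER, pos + 16)
            continue
        yield pos, data[start:start + length]
        pos = data.find(FDSO_HEADER, start + length)

def classify(blob):
    """Heuristic content check (assumption of this example, not exhaustive)."""
    if blob[:2] == b"MZ":
        return "pe-executable"
    head = blob[:2048].replace(b"\x00", b"").lower()  # also catches UTF-16 text
    if b"<job" in head or b"<script" in head:
        return "script"
    return None

def triage(data):
    """Return [(offset, kind, size)] for suspicious embedded objects."""
    if data[:16] != ONE_FILE_GUID:
        return []  # not a OneNote section file
    return [(off, kind, len(blob)) for off, blob in embedded_blobs(data)
            if (kind := classify(blob))]

def make_fdso(payload):
    """Build a minimal FileDataStoreObject header + payload for the sample."""
    return FDSO_HEADER + struct.pack("<QIQ", len(payload), 0, 0) + payload

# Constructed sample: a benign image blob and a harmless WSF-style script blob.
SAMPLE = (ONE_FILE_GUID + b"\x00" * 64
          + make_fdso(b"\x89PNG\r\n\x1a\n" + b"\x00" * 32)
          + make_fdso(b'<job id="demo"><script language="VBScript">'
                      b'WScript.Echo "test"</script></job>'))

if __name__ == "__main__":
    for off, kind, size in triage(SAMPLE):
        print(f"offset {off:#x}: embedded {kind}, {size} bytes")
```

A hit only means the attachment carries something launchable; the decision to quarantine or detonate it in a sandbox stays with the mail gateway or analyst.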

    Although OneNote displays a warning when a user tries to run embedded content in a file, statistics show that many users click the OK button just to get rid of the warning, without reading the text or thinking about the possible consequences.

    Microsoft is already aware of the problem and will soon add improved protection against phishing documents to OneNote, but the exact date when the update will become available to everyone has not yet been announced.

    As a workaround, Windows system administrators can use Group Policies to completely or partially block inline scripts in Microsoft OneNote files.

    Author DeepWeb