Microsoft combats OneNote phishing attacks with new update

Microsoft has announced a slew of protective updates after reports that bad actors were using its OneNote program to launch phishing attacks.

Daniel Croft
Mon, 13 Mar 2023

The updates, which will be applied to Microsoft 365, the tech giant’s cloud-based collection of productivity software, will add protective measures to the program, such as warning users when a file could be dangerous.

Cyber criminals have been using OneNote documents with ‘.one’ file extensions that contain embedded malicious files to launch phishing attacks.

Users would be presented with overlays asking them to click to view the document, which would then run the malicious program.


The malware launched has been reported to record video using the victim’s webcam and take screenshots of a user’s screen, meaning financial, personal, and other data is at risk. In some cases, the malicious files are able to install remote access Trojans.

“From what we have seen, any files can be easily embedded in OneNote,” said Bernard Bautista, a researcher from Trustwave SpiderLabs.

“Together with tricky social engineering techniques, threat actors can successfully take control of a target’s system and steal sensitive data.

“Furthermore, OneNote documents do not include ‘Protected View’ and Mark-of-the-Web (MOTW) protection, increasing the risk of exposure to potentially malicious files and making it attractive to cyber criminals.”
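For defenders who want to triage a ‘.one’ attachment before anyone opens it, the following added example (not part of the original article and not Microsoft's code) lists the files embedded in a OneNote section and flags anything that is not a plain image. The GUIDs are taken from Microsoft's published MS-ONESTORE file format specification rather than from this article; the function names, the content-type heuristics and the sample bytes are assumptions made for this illustration.

```python
import struct
import uuid

# GUIDs defined in the MS-ONESTORE specification; stored little-endian on disk.
ONE_FILE_TYPE = uuid.UUID("7B5C52E4-D88C-4DA7-AEB1-5378D02996D3").bytes_le
FDSO_HEADER = uuid.UUID("BDE316E7-2665-4511-A4C4-8D4D0B7A9EAC").bytes_le
FDSO_FOOTER = uuid.UUID("71FBA722-0F79-4A0B-BB13-899256426B24").bytes_le
IMAGE_MAGIC = (b"\x89PNG", b"\xff\xd8\xff", b"GIF8", b"BM")

def classify(data):
    """Rough content type from leading bytes (illustrative, not exhaustive)."""
    if data.startswith(IMAGE_MAGIC):
        return "image"
    if data.startswith(b"MZ"):
        return "executable"
    if data.startswith(b"L\x00\x00\x00\x01\x14\x02\x00"):
        return "shortcut"
    head = data[:256]
    if head and all(b in b"\t\r\n" or 32 <= b < 127 for b in head):
        return "script-or-text"
    return "other"

def embedded_files(blob):
    """Return [(offset, kind, size)] for every embedded file object found."""
    if not blob.startswith(ONE_FILE_TYPE):
        raise ValueError("not a OneNote .one section file")
    found, pos = [], blob.find(FDSO_HEADER)
    while pos != -1 and pos + 36 <= len(blob):
        (size,) = struct.unpack_from("<Q", blob, pos + 16)
        # Layout: 16-byte GUID, 8-byte length, 12 unused/reserved bytes, then the data.
        data = blob[pos + 36 : pos + 36 + size]
        found.append((pos, classify(data), len(data)))
        # Step only past the GUID so a bogus length cannot hide later objects.
        pos = blob.find(FDSO_HEADER, pos + 16)
    return found

def suspicious(blob):
    """Embedded objects that are not plain images deserve analyst review."""
    return [f for f in embedded_files(blob) if f[1] != "image"]

def _fdso(payload):
    """Wrap a payload as an embedded file object (used only for the sample)."""
    return FDSO_HEADER + struct.pack("<Q", len(payload)) + b"\0" * 12 + payload + FDSO_FOOTER

# Constructed sample: not a valid notebook, just enough structure to exercise the scan.
SAMPLE = (ONE_FILE_TYPE + b"\0" * 48
          + _fdso(b"\x89PNG\r\n\x1a\n" + b"\0" * 8)
          + _fdso(b"MZ" + b"\0" * 30)
          + _fdso(b"@echo off\r\necho constructed sample\r\n"))
```

Calling `suspicious()` on the bytes of a quarantined attachment returns the offset, rough type and size of each embedded object worth a closer look; an image-only result is consistent with an ordinary notebook page.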

Microsoft added a new entry to its Microsoft 365 road map titled Microsoft OneNote: improved protection against known high-risk phishing file types, which revealed the new updates.

Now, when a file seems dangerous or suspicious, OneNote users will receive a notification warning them to avoid opening the file.

While the new update does provide an extra layer of security, users can and often do ignore such warnings. As is usually the case, the best way to avoid becoming a victim is to learn good security practices, such as not opening suspicious emails or downloading unknown attachments, and keeping security software up to date at all times.

Prior to OneNote, hackers were leveraging Microsoft’s Word and Excel programs. This was quickly patched by Microsoft, causing bad actors to make the move to OneNote.

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.
