OneNote is a digital note-taking and organization tool that allows users to capture, store, and share information. It can be used for a variety of purposes, such as taking notes in meetings or class, organizing research, and collaborating with others. OneNote has become popular among individuals and organizations alike due to its versatility and ease of use.

OneNote provides users with a virtual notebook where they can create and store notes, add multimedia elements like images and audio recordings, and even draw or handwrite notes. The notes are organized into sections and pages, allowing users to easily find and reference information. OneNote also integrates with other Microsoft products, such as Office and Outlook, which makes it a valuable tool for people who already use those applications.

Another key aspect of OneNote is its collaboration capabilities. Users can share their notebooks with others, allowing multiple people to access and edit the same information in real time. This makes it a useful tool for team projects, group study sessions, and other collaborative endeavors.

Overall, OneNote's combination of ease of use, versatility, and collaboration features has made it a popular tool for note-taking and organization. Due to OneNote's growing popularity among organizations and companies alike, hackers have taken to exploiting OneNote in order to take control of target computers.

How Hackers Exploit OneNote to Access Victim’s PC

Hackers have been using malicious Microsoft OneNote attachments as part of phishing scams to remotely access victims' computers. The phishing emails typically appear to be from a trusted source and contain an attachment or a link to a OneNote file. When the victim opens the attachment or clicks on the link, it launches a malicious script that gives the attacker remote access to the victim's computer.

Once the attacker has gained access to the victim's computer, they can use it to steal sensitive information, install additional malware, or carry out other malicious actions. In some cases, the attackers have used the remote access to install ransomware, which encrypts the victim's files and demands a ransom payment in exchange for the decryption key.

It's important to note that these phishing scams do not rely on a vulnerability in Microsoft OneNote itself; they are a tactic attackers use to exploit human trust and trick victims into installing malware on their computers. By using OneNote as part of the scam, attackers are able to make the emails appear more legitimate and increase the chances of victims falling for the scam.

To protect yourself from these types of attacks, it's important to be cautious of unexpected emails or links, especially if they contain attachments or direct you to download something. Always verify the authenticity of requests for information or downloads before acting on them, and be sure to keep your software and security tools up-to-date to reduce your risk of falling victim to phishing scams.

We recommend that you go even further and outright block OneNote attachments from within your spam filter or email security gateway. We have started blocking OneNote attachments outright since learning of this potential exploit. If you are unsure about your email security, or interested in learning more about how Natural Networks can work with your team to prevent spam and phishing and learn best practices, give us a call today!
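As an added illustration of the attachment-blocking recommendation above (example code written for this page, not part of any particular gateway product), the following Python sketch flags OneNote attachments in a raw email. It goes slightly beyond extension matching by also checking the file header, so a OneNote file renamed to another extension is still caught. The function names are hypothetical, the sample message is constructed, and the header GUIDs are the file-type identifiers from Microsoft's MS-ONESTORE format specification.

```python
import uuid
from email import message_from_bytes, policy
from email.message import EmailMessage

# File-type GUIDs from the MS-ONESTORE header; stored little-endian on disk.
ONE_GUID = uuid.UUID("7B5C52E4-D88C-4DA7-AEB1-5378D02996D3")
ONENOTE_MAGICS = {
    ONE_GUID.bytes_le: ".one section",
    uuid.UUID("43FF2FA1-EFD9-4C76-9EE2-10EA5722765F").bytes_le:
        ".onetoc2 table of contents",
}
ONENOTE_EXTENSIONS = (".one", ".onepkg", ".onetoc2")


def onenote_attachments(raw_message: bytes) -> list[tuple[str, str]]:
    """Return (filename, reason) for each part that looks like OneNote."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers carry no payload of their own
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        kind = ONENOTE_MAGICS.get(payload[:16])
        if kind:  # content check catches renamed files
            hits.append((name, f"content is a OneNote {kind}"))
        elif name.lower().endswith(ONENOTE_EXTENSIONS):
            hits.append((name, "OneNote file extension"))
    return hits


def build_sample() -> bytes:
    """Constructed message: a OneNote header renamed to .pdf, a .one file, a text file."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Invoice"
    msg.set_content("See attached.")
    fake_one = ONE_GUID.bytes_le + b"\x00" * 48  # header bytes only, not a real notebook
    msg.add_attachment(fake_one, maintype="application", subtype="pdf", filename="invoice.pdf")
    msg.add_attachment(b"hello", maintype="application", subtype="octet-stream", filename="notes.one")
    msg.add_attachment(b"text", maintype="application", subtype="octet-stream", filename="readme.txt")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, reason in onenote_attachments(build_sample()):
        print(f"BLOCK {name}: {reason}")
```

A gateway rule built on the same two checks would quarantine the first two attachments in the sample and pass the third.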