HomeArchitecture

OneNote Used To Sidestep Phishing Detection

Architecture

Microsoft’s OneNote known for its’ simple note-taking and digital organizing features was recently on the headlines for perhaps the wrong reasons. Discovered by Cofense, Microsoft OneNote was used recently to target victims with a phishing campaign. The digital notebook was used to perpetuate the “Agent Tesla keylogger”.

As reports suggest, the digital app that can save and sync notes hassle-free was used to outmaneuver detection tools and progressively download malware software into any victims’ computer.

OneNote

 

This leverage used by the attacked was key as OneNote is easy to experiment with and its features allow for such experiments to prosper. The ease of use and accessibility feature enables such cyber attacks to take place.

The hacker delivered a luring technique to steal credentials from the victim by bringing them to a landing page (phishing page) that started with them posing as a  marketing executive who had sent a link sent to the victims’ email containing a link to a OneNote document. This usually was an invoice or some other document that at first glance seemed pretty harmless. Once the victim clicked the link to access the document, the so-called “phishing notebook” through various intrusion methods helped evade email security controls. Agent Tesla keylogger enabled that.

Weeks of research and tracking cyber footprints revealed that the attacker was using a “swapped-layout” mechanism of the OneNote page to deliver his/her phishing campaign.

Taking advantage of OneNote

Researchers claimed that the use of OneNote to deliver this phishing campaign was indeed indigenous. As it allowed the attacker to easily change the various templates and inturn adapt to a different one based on the victim profiles.

OneNote as a digital note-taking application has ready accessibility that needs no maintenance and basically acts as a free database that can be of potential threat to cybercriminals. The downside is that the services have led to illegal and criminal activity in the past and that is why Microsoft needs to course check with these types of applications.

keylogger 540x270 1

Having said that, the success rate of this phishing campaign is undisclosed yet and sources are yet to lock a figure.

- Advertisement -

pranitakhedkar
pranitakhedkar
An Architect by profession & practice, Pranita is a keen observer and specialises in content, visualisation, and presentation. Cyber attacks & Architecture Technology in the far more technologically-advanced world made her realise that there is a lack of necessary awareness among people. Hence, keeping you all updated and protected by all means with subjects from Architecture Technology to Security Awareness.Currently working as a Head of Content, content writer & creator at BLARROW.TECH

- Advertisement -

Latest articles

Previous article
Designing For The Physically Differently Abled
Next article
Embodied Carbon in Construction Calculator

Related articles

Popular articles

Old articles

Newsletter

Subscribe to get the latest news, offers and special announcements.

By subscribing, you're accepting to receive promotions.

BlARROW is a unilingual, electronic, free-content site which composes write-ups on issues concerning online security and architecture technology. It is run helpfully by content scholars who write on a broad scope of subjects. Anyone with access to the internet connection and an ache to gain some new useful knowledge can get to these articles. Aside from this, they additionally give Udemy coupons, Appstore Games, and applications, all for free.
So, in case one is curious to learn something new, gain widespread knowledge without drawing a hole in the pocket.

© 2019 - 2023 BLARROW ONLINE SERVICES OPC PVT LTD