34 C
Friday, May 29, 2020
Tel: 8850717892
Home Security Awareness OneNote Used To Sidestep Phishing Detection

OneNote Used To Sidestep Phishing Detection


Microsoft’s OneNote known for its’ simple note-taking and digital organizing features was recently on the headlines for perhaps the wrong reasons. Discovered by Cofense, Microsoft OneNote was used recently to target victims with a phishing campaign. The digital notebook was used to perpetuate the “Agent Tesla keylogger”.

As reports suggest, the digital app that can save and sync notes hassle-free was used to outmaneuver detection tools and progressively download malware software into any victims’ computer.


This leverage used by the attacked was key as OneNote is easy to experiment with and its features allow for such experiments to prosper. The ease of use and accessibility feature enables such cyber attacks to take place.

The hacker delivered a luring technique to steal credentials from the victim by bringing them to a landing page (phishing page) that started with them posing as a  marketing executive who had sent a link sent to the victims’ email containing a link to a OneNote document. This usually was an invoice or some other document that at first glance seemed pretty harmless. Once the victim clicked the link to access the document, the so-called “phishing notebook” through various intrusion methods helped evade email security controls. Agent Tesla keylogger enabled that.

Weeks of research and tracking cyber footprints revealed that the attacker was using a “swapped-layout” mechanism of the OneNote page to deliver his/her phishing campaign.

Taking advantage of OneNote

Researchers claimed that the use of OneNote to deliver this phishing campaign was indeed indigenous. As it allowed the attacker to easily change the various templates and inturn adapt to a different one based on the victim profiles.

OneNote as a digital note-taking application has ready accessibility that needs no maintenance and basically acts as a free database that can be of potential threat to cybercriminals. The downside is that the services have led to illegal and criminal activity in the past and that is why Microsoft needs to course check with these types of applications.

Having said that, the success rate of this phishing campaign is undisclosed yet and sources are yet to lock a figure.

- Advertisement -
- Advertisement -


Please enter your comment!
Please enter your name here

BlARROW the best website that provided cracked and nulled scripts to the world in 2012 is back again with some ethical stuffs, back then the website was forcefully shut down due to illegal stuffs so we decided to do something ethical and help people overcome the problems that they face and do not know how to solve the errors/bugs. So, Lets together make this website a great content website. We also provide various coupons over the internet. So, stay connected and grab some paid courses or coupons for free.
- Advertisement -

Must Read

Can Urban Biodiversity Be an Answer?

Context: Biodiversity is a variety of life, ranging from plants, animals and other organisms that can be found in one ecosystem. For many, biodiversity is...