Emotet: Malware now spreads through OneNote documents

Emotet: Malware now spreads through OneNote documents

To bypass security restrictions, the Emotet malware now also spreads via OneNote attachments. So far, the malicious code has mainly been transmitted via Microsoft Office and Excel. After the attachment is opened, a DLL file will be downloaded.

The malware then ensures that contacts and emails are stolen so that the data can be used in further spam campaigns. The malware is also able to download additional programs and give hackers access to the company network. The backdoor gives attackers a loud voice Bleeding computer the option to spy on corporations or run ransomware attacks.

Via an e-mail, the …
emotet… OneNote attachment delivered with malicious code

Word and Excel macros are blocked

To curb the number of malware infections, Microsoft has been blocking macros contained in downloaded Word and Excel files for some time. As a result, hacker groups have now started to integrate Emotet into OneNote attachments. As usual, the documents are delivered via spam emails and as part of social engineering attacks. With OneNote it is possible to create design elements that cover other content. A fake banner asks the user to double-click the “View” button to open a supposedly protected document. An embedded script was placed under the button, which is then executed and the malware installed.

The Redmonders also want to counteract this development. Last week it became known that Microsoft would like to equip OneNote with improved malware protection. In the future, users will be notified if a file is classified as dangerous. A clearer indication is intended to ensure that more careful consideration is given to the trustworthiness of the sender. Administrators can now disable embedded OneNote files through OneNote Policies.


  • Emotet malware spreads via OneNote attachments.
  • Malware uses contacts and emails.
  • Microsoft blocks macros in Word and Excel files.
  • Hacker groups use OneNote attachments with embedded scripts.
  • Microsoft OneNote is to receive improved malware protection.
  • Administrators can disable embedded OneNote files.
  • Users should think about the trustworthiness of the sender.

See also:

internet, safety, security

Internet, safety, vulnerability, hacker, security, malware, attack, hack, crime, Trojan, virus, malware, exploit, cybercrime, cybersecurity, hacker attack, hacking, Internet crime, system, hacker attacks, hacker attack, hacking, attack, ransomware, Hacks, Hacked, Pest, Malware Warning

Leave a Comment

Your email address will not be published. Required fields are marked *