chm files which have an index.html file embedded that would run inline JavaScript. Recently we have also observed the usage of. Basically any type of file that can execute malware when executed. These files could be executables, JavaScript files, HTML files, PowerShell, …. If the picture is clicked, it will execute the file hidden beneath. The OneNote feature that is being abused during these phishing campaigns is hiding embedded files behind pictures which entices the user to click the picture. Later, in the beginning of February, the hacker news covered this as well. This was later also mentioned in Xavier’s ISC diary and on the podcast. I first observed this OneNote abuse in the media via Didier’s post. In recent weeks OneNote has gotten a lot of media attention as threat actors are abusing the embedded files feature in OneNote in their phishing campaigns.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |