Careful when using OneNote, cybercriminals might target you

by Alexandru Poloboc

Alexandru Poloboc

With an overpowering desire to always get to the bottom of things and uncover the truth, Alex spent most of his time working as a news reporter, anchor,… read more

  • Microsoft’s OneNote might seem harmless at first sight, but hackers are one step ahead of you.
  • Since macros don’t work here, like in Word or Excel, cybercriminals had to get more inventive.
  • Thus, files received and opened through the app might end up being a highly costly mistake.

note malware

There’s no denying the fact that, for the longest time, cybercriminals have been exploiting the macro feature in Office applications like Word and Excel to infect unsuspecting users’ PCs with malware.

If you don’t know how this works, malicious third parties typically do this by injecting malicious macro code into a legitimate Word or Excel document, then convincing users to enable macros to allegedly display the file properly.

The Redmond tech company is aware of this behavior, so it eventually blocked macros in Office documents by default.

That being said, cybercriminals are now using another app to trick users into infecting their own PCs with malware, which is the digital note-taking app OneNote.

Opening shady OneNote messages could be a costly mistake

According to recent reports, witty cybercriminals have been found sending phishing emails that purportedly contain DHL invoices, remittance forms, shipping notifications and documents, and mechanical drawings.

Thus, instead of using macros and alerting everyone, which OneNote does not support, cybercriminals are exploiting OneNote’s ability to attach files within a notebook.

Their goal is achieved by attaching malicious VBS files to a OneNote notebook. And, when double-clicked, these files automatically download and install malware from a remote site.

In order to further conceal them and make the OneNote document look as legitimate as possible, threat actors overlay a Double click to view file box over them.

Pretty enticing for your average user and clicking on the box will launch the malicious files, which will install malware onto the device.

Source: BleepingComputer

Note that OneNote will warn users that opening attachments could harm the user’s computer and data, but many users might just ignore the warning and click the OK button anyway.

After downloading, you will get a decoy OneNote document that opens and looks like the document you expected.

Don’t get fooled, however, as the VBS file will also execute a malicious batch file in the background to install malware on the device.

Reports also indicate the fact that the OneNote files install remote access trojans that include information-stealing functionality.

A lot of security experts also took to Twitter and other social media platforms to warn unsuspecting users about these dangers lurking in plain files.

You aren’t new to the internet, so you know that malicious third parties also commonly use remote access trojans to steal cryptocurrency wallets from victims’ devices.

If you are looking for the best way to protect yourself from malicious attachments, simply do not open files from people you do not know.

On the off chance you already have mistakenly opened a file, do not disregard warnings displayed by the operating system or application.

Have you been receiving suspicious OneNote messages? Share your experience with us in the comments section below.

Still having issues? Fix them with this tool:


If the advices above haven’t solved your issue, your PC may experience deeper Windows problems. We recommend downloading this PC Repair tool (rated Great on to easily address them. After installation, simply click the Start Scan button and then press on Repair All.

More Reading

Post navigation

Leave a Comment

Leave a Reply

Your email address will not be published. Required fields are marked *