Phishing attacks are increasingly using Microsoft OneNote documents to spread malware, another sign that threat actors are doing well in the post-macro era. The malware delivered this way includes AsyncRAT, RedLine Stealer, Agent Tesla, DOUBLEBACK, Quasar RAT, XWorm, Qakbot, BATLOADER, and FormBook, among other noteworthy families.
The enterprise security company Proofpoint reported that in January 2023 alone it discovered over 50 campaigns using OneNote attachments. Some of the phishing emails carry a OneNote file that embeds an HTA file, which in turn launches a PowerShell script to retrieve a malicious payload from a remote server.
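For mail-gateway or incident triage of the chain described above, the following added example (not from Proofpoint or the original article) carves embedded files out of raw `.one` bytes and flags HTA or script content. It assumes the FileDataStoreObject layout from Microsoft's MS-ONESTORE specification; the marker list, function names and sample input are hypothetical and constructed here.

```python
import struct

# FileDataStoreObject header GUID {BDE316E7-2665-4511-A4C4-8D4D0B7A9EAC} as
# stored on disk (from the MS-ONESTORE specification, not stated on this page).
FDSO_HEADER = bytes.fromhex("e716e3bd65261145a4c48d4d0b7a9eac")
# Hypothetical triage list: markers of HTA/script content worth escalating.
SCRIPT_MARKERS = (b"<hta:application", b"<script", b"powershell", b"wscript.shell")


def extract_embedded(data: bytes):
    """Yield (offset, blob) for each embedded file found in raw .one bytes."""
    pos = data.find(FDSO_HEADER)
    while pos != -1:
        # Layout after the GUID: cbLength (8 bytes LE), unused (4), reserved (8).
        hdr_end = pos + 36
        if hdr_end <= len(data):
            (size,) = struct.unpack_from("<Q", data, pos + 16)
            if size <= len(data) - hdr_end:  # reject truncated or bogus lengths
                yield pos, data[hdr_end:hdr_end + size]
        pos = data.find(FDSO_HEADER, pos + 16)


def triage(data: bytes):
    """Return one finding per embedded file: offset, size, matched markers."""
    findings = []
    for offset, blob in extract_embedded(data):
        head = blob[:65536]
        narrow = head.lower()
        # Scripts are often stored as UTF-16LE, so check that decoding as well.
        wide = head.decode("utf-16-le", errors="ignore").lower().encode("ascii", "ignore")
        hits = sorted({m.decode() for m in SCRIPT_MARKERS if m in narrow or m in wide})
        findings.append({"offset": offset, "size": len(blob), "markers": hits})
    return findings


def build_sample() -> bytes:
    """Constructed input: filler bytes plus one inert embedded HTA stub."""
    hta = b"<html><hta:application id='x'/><script>/* inert sample */</script></html>"
    obj = FDSO_HEADER + struct.pack("<Q", len(hta)) + b"\x00" * 12 + hta
    return b"\x00" * 64 + obj + b"\x00" * 32


if __name__ == "__main__":
    for finding in triage(build_sample()):
        print(finding)
```

Any embedded object with a non-empty `markers` list is a candidate for quarantine or sandbox detonation; an empty list does not clear the file, since the marker set is only a starting point.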