Cyber criminals are using uniquely crafted phishing emails to infect victims with malware — and they're doing so by experimenting with a new method of delivering the malicious payload.

According to analysis by Proofpoint, there's been a rise in cyberattackers attempting to deliver malware using OneNote documents, a digital notebook signified by .one extensions that is part of the Microsoft 365 office applications suite.

Cybersecurity researchers note that it's unusual for OneNote documents to be abused in this way and there's one simple reason why attackers are experimenting with them — because they can more easily bypass threat detection than other attachments. And it appears to be working.

“Based on data in open-source malware repositories, initially observed attachments were not detected as malicious by multiple anti-virus engines, thus it is likely initial campaigns had a high efficacy rate if the email was not blocked,” Proofpoint told ZDNET.

Source: Hackers are using this new trick to deliver their phishing attacks | ZDNET