QakNote – OneNote malware now has name

I use OneNote a lot – so I had to follow up on my previous post about OneNote attachments being used as an attack vector. OneNote has become the threat actors’ new choice of attachment, probably because Microsoft closed the door on macro attacks.

In the wild, Microsoft OneNote ‘.one’ email attachments have been reported infected with a version of the banking trojan Qbot, which has been named “QakNote”.

New QakNote attacks push QBot malware via Microsoft OneNote files (bleepingcomputer.com)

Your takeaway from this

Even if you do not use OneNote, you could still be a victim of this attack if you open the attachment, as OneNote comes preinstalled with a variety of versions of Windows, Microsoft Office and Microsoft 365.

The standard security advice for any attachment you receive by email:

Do not open any unexpected attachment from an organisation (no matter how official they sound) or unknown person, or even a faintly suspicious-looking attachment from someone you know. Get help from your IT/Cyber Security support team, or ask a colleague, or check with the sender. Better to be safe than sorry.

Clive Catton MSc (Cyber Security) – by-line and other articles
