skip navigation
skip mega-menu

New Microsoft OneNote Threat: Malware launched through Documents

What is the threat to Microsoft Office users?

Attackers use Microsoft OneNote documents (part of Microsoft Office) to launch malware attacks. OneNote is a digital notebook that is included in the Microsoft 365 subscription. 

Attackers can attach files to OneNote documents, which can then be used to download malware from remote locations. All the attackers need to do is convince the victim to double-click on the file, which has proven to be a simpler task than expected. 

This type of cyber attack hides malware behind the 'click to view document' buttons in emails. This is a clever way to trick victims into thinking that the file is sensitive and requires additional protection, causing them to fall for the attack.

Even if you don’t use OneNote, you could still be at risk of one of these attacks. Attackers assume that businesses will likely have OneNote installed because it’s normally bundled with the rest of the Office applications. These new types of attacks have very low detection rates from antivirus software, and so are proving to be a serious threat.

How can I prevent these attacks from affecting my business?

  • Be wary of any attachments in emails from senders you don’t recognise

  • Don't click an email if it uses pressing language and the attachment looks suspicious

  • Make sure your Anti-Virus and Firewalls are updated

  • Think you’ve received a spam email? Report it: report@phishing.gov.uk 

Read our full Security Alert announcement

Subscribe to our newsletter

Sign up here