Researchers from two security outfits have observed malware campaigns abusing Microsoft’s OneNote application since the software giant began blocking macros by default last year.
Proofpoint researchers said they began seeing an increase in OneNote documents delivering malware via email in December and January using the “.one” extensions as attachments and URLs.