Hackers Are Trying Something New (Again) - Watch Out!
Рет қаралды 356,639
Күн бұрынThanks to Acronis (formerly Acronis True Image) for sponsoring this video! Head to go.acronis.com/THIOJOE and use code THIOJOE2023 to get 30% off Acronis Cyber Protect Home Office!
The video discusses how cyber criminals are using OneNote files to spread malware. The attackers attach a malicious file to a OneNote document and send it via email, typically with a fake button that runs the file. However, opening the OneNote file alone will not infect the computer, and the user needs to click on the script or executable to get infected. Although OneNote pops up a warning box before opening the attachment, people often click through it. In this video I also discuss ways to protect against this type of malware, as well as another crazy virus technique I just learned about recently.
▼ Time Stamps: ▼
0:00 - Intro
0:37 - How it Works
1:54 - A Very Good Thing Indeed
3:18 - What If You Fall For It?
4:25 - Crazy Virus Technique
6:27 - A Demonstration
7:47 - Defending Against It
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
Merch ⇨ teespring.com/stores/thiojoe
⇨ / thiojoe
⇨ / thiojoe
⇨ / thiojoetv
My Gear & Equipment ⇨ kit.co/ThioJoe
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
@JohnSmith-xq1pz Жыл бұрын
Hackers be like and we would've gotten away with it if it wasn't for that darn ThioJoe
@CattopyTheWeb Жыл бұрын
Hackers view: That ThioJoe guy always stops us and exposes our techniques. We have to Hack him
@the_red_gamer Жыл бұрын
all the people who don't watch tech videos:
@Jasona1976 Жыл бұрын
Use correct English.
@REAL-UNKNOWN-SHINOBI Жыл бұрын
Would have got away with it if I wasn't using Microsoft office
@JohnSmith-xq1pz Жыл бұрын
@@Jasona1976 too much work
@hydrolink5297 Жыл бұрын
It is amazingly disgusting how much work hackers are putting in just to start chaos..
@deleteduser8652 Жыл бұрын
also It's very amazing that people fall to their tricks.
@Raiom. Жыл бұрын
@@deleteduser8652 Not really
@Raiom. Жыл бұрын
They don't do this kind of stuff just to start chaos... it's mainly for stealing your money
@Aeduo Жыл бұрын
It's a hugely profitable industry.
@photlam9769 Жыл бұрын
If the money is there Id do it just as anyone else would
@SubtotalAnt8185 Жыл бұрын
The one thing the malware is most likely to do is keylogging. If you discover you ran a suspicious file too late, remember to check the startup folder and sign out or restart your computer.
@freedustin Жыл бұрын
poison the well, pipe rand to virtual keyboard :)
@0xfadead Жыл бұрын
Just boot into a live image.
@freedustin Жыл бұрын
@@0xfadead you'd still have to reboot.
@0xfadead Жыл бұрын
@@freedustin I prefer shutting down, then inserting the hard drive and only after that booting into bios
@castorbudujemy Жыл бұрын
Yeah, thats why bank apps added that wierd password input with some blocked fields- keylogging is useless when one dont type whole password
@tonysolar284 Жыл бұрын
Maybe Linus Tech Tips should have taken this tip to heart.
@robster7787 Жыл бұрын
His latest post confirms your assumption
@fredbecker607 Жыл бұрын
That is what he said.
@chuckpoore Жыл бұрын
This exact thing happened to me at work a few weeks ago, but what made it so pernicious, is that email came from someone I had gotten emails from before. The email sender had been spoofed. The blurred attached document was an invoice, and I do get invoices from this person, so it seemed legit. So I clicked on it. What it did, was started spoofing MY email address and propagating it all my contacts. Plus, it changed the settings in my Outlook so that sent email did NOT show up in my sent folder, so I had no idea it was happening until people started calling me about the email they were getting from me. Also, my network disabled my email address because it detected the spamming. It was a big mess, but we were able to clean it up. As far as we know it didn't do anything to our data or computer, because the IT tech checked everything out. It think it's purpose was just to propagate itself as a nuissance.
@david_allen1 Жыл бұрын
Sounds like you were lucky! That's good. But you really don't know for sure because, based on the events you mention, the attacker could have sent emails to himself with attachments from whatever your machine has access to (e.g. product drawings, specifications, personnel records, etc.), and you wouldn't know it because they didn't show up in Sent Mail. If you find out about it at all, it might be weeks, months or even years later when the information shows up in some unexpected way -- like a competitor has used your designs to make a new product your company was making. It can be pretty nasty when the effort of the attackers is focused with purpose, and not just a prank.
@mr_b_hhc Жыл бұрын
These types of attacks are very clever and easy to fall for. Just hope no zero days were involved...
@beardsntools Жыл бұрын
You're trying to hide behind social conditioning, but you were just dumb. Even tho it just happens that the person was sending you invoices.. they probably didn't do it in one note blurred and have an attachment inside behind a button, which then pop ups the warning about the said attachment. Here's the question: Which legitimate person would do this and for what reason? If they used to send it as .pdf before, why did they send it in this unusual way, where I have to click a button and open another file? The questions that never gets asked by people, who lack common sense and they proceed anyway. Also the microsoft outlook... your company really needs better IT that will install better email clients that detect and warn about spoofed emails and that wont allow malware to send emails from your end and hide it too.
@chuckpoore Жыл бұрын
@@beardsntools Well, one detail I forgot to mention, is that this email was actually forwarded to me from my boss, the owner of the company. He was actually the first one targeted, and just forwarded it to me as he normally would for an invoice to approve. So I had no reason to doubt it. Maybe it's not helpful to insult a victim.
@cigmorfil4101 Жыл бұрын
Possibly a proof of conception - proving the replication stage works before the payload is added.
@gingeral253 Жыл бұрын
Imagine if such creativity was put into progressing industry.
@ronjon7942 Жыл бұрын
It is. Have hope.
@D.von.N Жыл бұрын
I have a suspicion that this is part of the process. This is how those beginners are learning and testing their abilities - those who don't have other hidden agenda.
@maniac50ae14 Жыл бұрын
Its harder to get into the industry
@gingeral253 Жыл бұрын
@@maniac50ae14 That makes sense. Industry most of the time isn’t about these kind of skill applications, but more of bureaucracy.
@maniac50ae14 Жыл бұрын
@@gingeral253 moreso because corporate hiring structures are more exclusionary than inclusive... theyre more concerned with discerning why you font belong then figuring out if you could belong. And, they probably dont have the money to hire everyone so, it is what it is, but i think the mindset can definitely overlap though at time, it notoriously doesnt
@xninja111_YT Жыл бұрын
oh god, being secure is right now like playing cat and mouse
@notnecessary7730 Жыл бұрын
More like playing Russian roulette with a glock
@lpfan4491 Жыл бұрын
"You are never secure. You live until you don't."
@LyricsVillage Жыл бұрын
But it always has been...
@lpfan4491 Жыл бұрын
@@LyricsVillage Exactly.
@Britt4ny Жыл бұрын
honestly just dont check emails anymore lol. i only use mine for verification codes and havent had an issue yet. still good info to know, but extremely easy to not fall victim to this stuff, to the average PC user tho, this information is extremely important and im glad YT is recommending this video
@iBridgee Жыл бұрын
Thanks for the warning about these new hacking attempts. It's so important to stay vigilant online and protect our personal information.
@namvo3371 Жыл бұрын
As Vietnamese, we are deeply grateful for the content you have produced. Sending all our love and appreciation from Vietnam.
@jennymontague851 Жыл бұрын
Holy shite! Using a computer at all is like running through a minefield. I'm thinking of just going back to a typewriter, letters and postal mail. So sick of malware and scumbags who delude and mess with people like that. They are destryoing entire lives.
@jhawk3547 Жыл бұрын
Thanks for the heads up Joe. I will most certainly pass this on to my clients.
@NoNonsense316 Жыл бұрын
I learned about the RTL Override exploit just a few days ago. Very clever, indeed. Also very scary stuff; it's so easy to fall for it.
@robbrowne7625 Жыл бұрын
Thank you Thiojoe another thumb up for you. Thiojoe is literally the only youtuber I trust when it comes to tech. Your videos have always been so helpful. Still watch the old satire ones to as well just for kicks. Thank you man
@raracool04 Жыл бұрын
Microsoft should not have file extensions off by default, and as an added measure, they should have the file extension in bold to differentiate it from the file name itself.
@plumebrise4801 Жыл бұрын
They were always On by default on all the computer I had .
@yshaalan2011 2 ай бұрын
Or just remove the rtl override character
@darlenericotta7550 Жыл бұрын
Thank you for updates!
@ev021 Жыл бұрын
As always, cheers for the heads up Thio. Regards.
@gallium-gonzollium Жыл бұрын
3:43 Ransomware: “Your file is encryption” Me: “where’s encryption?” Ransomware: “exactly, it’s gone” Me:
@AccSwtch50 Жыл бұрын
Ah yes, shredding a file is the most effective way of encrypting files, so secure you can't even retreive it.
@dionnix Жыл бұрын
@@AccSwtch50yes, imagine a cmd tool that does that
@lindamora7 Жыл бұрын
Imagine if these intelligent hackers would use their gifts and talents to expose evil vs using it for evil, what a different world we would live in. Also if I'm doing the IT myself how would I block and prevent these scenarios?
@prowler1567 Жыл бұрын
Thanks for the update on cyber threats.
@xcurrentbreeze6626 Жыл бұрын
As much as I hate scammers, it is really interesting seeing how they keep adapting constantly. It's like a nuclear arms race between them and cybersecurity professionals.
@DeborahLong7777 Жыл бұрын
Excellent video and thanks. I need to catch up!
@indraallian6371 Жыл бұрын
Useful as always. Thanks TJ 😎
@BHSVanargand Жыл бұрын
The extension thing has been around for years. I found out about it in my first year of programming when I tried to hide a .bat file as .txt file.
@3dgamerz891 Жыл бұрын
Hi Thio! I really appreciate what you told us about. This single video might've helped many of the people because that's really an intelligent trick and anyone can fall for it. Personally, I don't open any Email attachments until I know who has sent me that file. I would like to repeat "avarice is the root of all evils".
@dirtyminerapparel Жыл бұрын
If we cut off their hands for hacking I bet they would stop hacking. The bigger issue is when we find these hackers and scammers we can’t do anything to them 99% of the time because most don’t reside in the US.
@GlassCanvas Жыл бұрын
I got one if these from a legitimate source. They were hacked. It created a onenote file in the onenote cloud folder. It was invisible for the Windows browser but one note could see it. It created another file which fortunately i did not click. The onenoe malware could not be deleted and if one tried to open it it would create an additional file. IOS could see the malware file but not delete it. Windows did not see it. I reached out to Microsoft, they escalated the issued and after some time they were able to delete the file from my account. This was well over a year ago so I am describing this as best as I remember.
@robster7787 Жыл бұрын
The emphasis is the command to grab the virus from an online server. That’s how you can bypass so many anti-virus software and preliminary scans only check known recognizable patterns.
@bazoo513 Жыл бұрын
Useful... Thanks!
@dathyr1 Жыл бұрын
Thanks for the info and the one note malware attached to it scam. I don't use one note and I don't click on any email links. I dont trust any emails anymore even though they look legit. Scams are getting worse everyday. If I get an email like this, I call the ACTUAL company up and find out if it is valid inquiry or request. If it is from a company or person I do not know, I just delete it. Always be very very cautious with emails or even phone calls now days.
@bobturner3388 Жыл бұрын
Great video! Thank you
@avvn9331 Жыл бұрын
Very interesting and clever way these virus creators are using
@mexicanreformist1522 Жыл бұрын
Love your videos, thanks for sharing. 👍
@PaulDziomba Жыл бұрын
Thank you for this information. You covered some very important points. I was once a corporate customer of Acronis and it was a horrible experience. The only parts that I will share is that they have no U.S. support and their developers are in Russia. No politics here, just sharing facts that you can use to make your own decisiond.
@deltasyn7434 Жыл бұрын
I've been getting ALOT more phishing attacks in my work email in the past several months.
@mr_b_hhc Жыл бұрын
This seems to be the case for a lot of people, something has changed with the phishing tactics recently as I didn't get more than 1 or 2 a month for 3 years, now sometimes 5-6 a day. My security habits have not changed nor my mail client, combine that with the increase others have mentioned and phishy spam seems back on the menu for the moment.
@modrribaz1691 Жыл бұрын
Same here, but on my personal email instead.
@John.Harper Жыл бұрын
Same, my inbox is flooded. Spam catches a lot, but about 2 make it through per day.
@Mikeywestabeast342 Жыл бұрын
You should do more videos like this. Good job!
@czcxwastaken Жыл бұрын
Thank you ThioJoe. You have saved my computer from so many viruses. My computer should be thanking you!
@Blaster_Unity_UB Жыл бұрын
The use of that click-through-image-exploit is really clever & well thought out. Well done, in a good sense, but don't do that anymore, cuz it's been found & more if your ways will be found.
@krankenwagen7198 Жыл бұрын
this article was released 1 month ago, thanks thiojoe (0:52 source in left corner)
@UndertaleAsrielDreemurr Жыл бұрын
Yesterday I got one of these emails. They would have gotten away with it if I didn't see this video
@SkatKat Жыл бұрын
Thank you very much. This was new to me so, of course, my mom has been informed ^^
@punditgi Жыл бұрын
Thanks for the video!
@Spamkromite Жыл бұрын
Thanks for sharing your experience with us. It really is baffling how far phishers go to scam people, specially the elderly. I'm like another layer of security for my relatives when they have doubts (which is like a 90% of the time). How I loath needless strife... 🙄
@arandomguy4478 Жыл бұрын
full circle of that unicode, blogs used to break with that
@charginginprogresss Жыл бұрын
0:15 We're talking about 30 years ago, right? I remember getting a naughty word document from a friend in 1998, and when I opened it, Word '97 told me that the document had macros in it and that they were disabled by default because they possibly posed a security risk (and then prompted me to decide between keeping them disabled or take the risk and enable them). As far as I know office blocks macros since the beginning of times...
@mr_b_hhc Жыл бұрын
You are right but I do believe, I may be wrong (old and tired), that one of MSes versions of Macro (currently version 4.0) had a bug which allowed circumvention of the built in check, hence it becoming a widely known issue.
@JosephM101 Жыл бұрын
Here's a tip. If you right click on a supposed document, and you don't see the "Open with" option in the context menu, it's very likely a virus. Files that are *not* executable will pretty much always have that "Open with" option in the context menu versus, for example, "Run as Administrator"
@midoosaid8506 Жыл бұрын
Thanks a lot for the great job
@toraxmalu Жыл бұрын
@ThioJoe - no, it isn't difficult to create the attachment, so long you've a Desktop-Variant of One-Note. You simply export the page… The app-variants (OneNote for Windows, iOS and Android) and the web-variant are all online-only and can't export this files and ONE-files.
@ClohOrtega Жыл бұрын
5:35 Wow, the Unicode character even managed to invert the window title. It inverted "Properties".
@alex15095 Жыл бұрын
Windows is a complete burning mess with several pretty coats of paint over it, with older decade-old layers seeping out as each time they cover it with less and less paint
@Dethneko Жыл бұрын
Sounds like with that text reverser, if you're savvy enough, it might be safer to have file extensions hidden. I usually have it off and have questioned files in the past that have shown an extension. It's like, you aren't supposed to be showing, so let me check you're real extension, and usually then delete.
@leonidas14775 Жыл бұрын
Its time for microsoft to let hidden file extensions and the RTL override character in filenames go the way of syskey.
@raracool04 Жыл бұрын
Nah, the Unicode character is necessary for languages that read right to left, it’s not there for the shits and giggles. People who read those languages need to name their files too. I do agree that hidden file extensions should not be the default.
@CES_2005 Жыл бұрын
@@beardsntools Cringe racism
@n124ajdx Жыл бұрын
@@beardsntools you should get some mental help ASAP, also the world doesn't revolve around you. and companies don't give a shit about what you think
@official-obama Жыл бұрын
@@beardsntools and they ignore the warning message? also, it is that hard to change it.
@beardsntools Жыл бұрын
@@CES_2005 It's not a race, so the only cringe is this liberal here
@Kommentierer Жыл бұрын
Most versions of OneNote won't allow to create local OneNote-"files". They are usually cloud-only. Old versions might still be able to create them. So it is indeed unusual to get such a file.
@al3xb827 Жыл бұрын
Thank you for the video. It is interesting what people can do if they want something. Unfortunately, I don't have that motivation.
@Jayson_Tatum Жыл бұрын
You're a threat
@miketech79 Жыл бұрын
I believe some things to consider are ransom wear controlled folder access (disables programs from accessing certain folders) and make your normal login account a limited user account. Then have an administrator account that you don’t use normally. I just got thinking about forcing my entire account folder to use the controlled folder access. This way you need to approve applications to access data in the account folder.
@Gabrito74 Жыл бұрын
Thank you!!!
@klausb.7505 Жыл бұрын
Thx Thio!
@alexis0a Жыл бұрын
This is the third video I seen sponsored by Acronis, but this is really useful video an info, not like the one from Luke Miani or Snazzy Labs that was an entire ad, you are really great!
@imaperson1060 Жыл бұрын
When I heard "double click" I thought for sure they put the button in the same spot the "OK" on the security popup is.
@b3njaminfretez Жыл бұрын
5:26 I like how the title of the file properties is flipped. Other way to proof that is RTLO.
@ItsEkap Жыл бұрын
Hey what is the Background you use on your pc, I love it and really want, it reminds me of the Windows XP background lol. Awesome Vid Man! :D
@mixy4244 Жыл бұрын
That might be useful thanks
@ChaoticVengace Жыл бұрын
@5:28 even the properties text in the window title is reversed, really interesting!
@happieplantnl Жыл бұрын
I actually used .one files for education, but the school had blocked the extension from sending
@oldbastard2149 Жыл бұрын
Great video Joe.👍 I see this One Note Icon on my hidden icon on my taskbar. What do you suggest I do ?
@roobscoob47 Жыл бұрын
Thanks, TJ~
@barneybarney3982 Жыл бұрын
5:37 even "properties" is written backwards .
@matthewharris517 Жыл бұрын
You also need to talk about those Telegram scams that are popping up all over KZfaq And KZfaq isn't doing anything about them. KZfaq security is absolute garbage
@mr_b_hhc Жыл бұрын
KZfaq "security" is mostly just automated systems these days - the cost of becoming a behemoth. This is a large contributor to the problem as it takes human intervention to reprogram / retrain / rerule the automated systems and this, of course, takes time.
@oktc68 Жыл бұрын
Thanks Thio
@JohnPaulBuce Жыл бұрын
that right to left text is kinda scary
@aldesianvero 4 ай бұрын
I have gotten millions of those files but i really dont check em cause they are spam and im not dumb since you posted this video! Thanks😍
@major_west Жыл бұрын
Is there anyway to configure Gmail to block emails containing onenote attachments?
@itprofessor Жыл бұрын
Sure you can in "Set up an attachment compliance rule", keep in mind that's only for paid version of the gmail
@TheMegaOddly Жыл бұрын
hmmm i will have to bring this up with my manager see what they think. I dont have the authority to block extensions
@JorgetePanete Жыл бұрын
I knew about the right to left technique from some youtube video some years ago, niche stuff
@simonced Жыл бұрын
3:45 "Your file is encryption" LOL Thankfully, it's only one file!
@Mokrator Жыл бұрын
ohh rtl that is so mean that this is at all possible as part of a filename... really totaly unexpected.
@Decapodd Жыл бұрын
Thanks bruh👊
@AnonZero0 Жыл бұрын
*Thank you.*
@jothamsia Жыл бұрын
Wow really fascinating
@zuzoscorner Жыл бұрын
Man that is creepy. it never ends does it
@1dgram Жыл бұрын
Testing the right to left override character in KZfaq. Cool,.looks like it works!
@AbandonSafety Жыл бұрын
Thank you. I am the IT department. This was very helpful.
@chosenuwu Жыл бұрын
ooo i didnt realize it changes the way properties is written
@ggogaming7441 Жыл бұрын
Funny story, I got one a few hours ago, but Kaspersky axed the file mid installation. I tried re-downloading the file over five times and it deleated it each time, guess I was lucky.
@Armmani2000 Жыл бұрын
Great video..
@PanoptesDreams Жыл бұрын
Wow, that Unicode char trick is NASTY
@dominikdobrotic8298 Жыл бұрын
Microsoft should patch that unicode character to make it not work on file extensions
@solomon0o0o0ozz Жыл бұрын
in work we use CAD software that rev-up everytime you save the file locally. so it will change the extension, example Steel-block.prt.1 then .2 and so on. you can purge. Let's see how our IT will figure this one out.
@imtiredtoday Жыл бұрын
If someone tries to infect me in such a way (with windows viruses) it would only get access to the wine session...
@modrribaz1691 Жыл бұрын
I may be wrong, but it seems we're heading toward isolation-compartmentalization being the core way for security.
@richardbambenek2601 Жыл бұрын
We will never run short of a holes
@Chris-ty7fw Жыл бұрын
OneNote is scarey just how much it can trample over your PC. I opened a one note from work I sent and it owned my PC (my file it associated the accounts and locked my home PC down as per my work).. seriously to this day still manually cleaning up stuff .. no warning. A simple onenote file I wrote on another PC, it basically tried to associate the accounts or something so the file could be shared and worked on both PCs,
@AJT1289 Жыл бұрын
Give those scammers a cookie... No a medal cause this is just genius at this point... Such genius, you'd think they could get a good job but they don't
@JustinWalker951 Жыл бұрын
Dude's 100% right. I work in a SOC and we've seen these for a few weeks now.
@sdpnz Жыл бұрын
I never open e-mails from unknown contacts anyway, and if I do, I always check the e-mail address it came from.
@gblargg Жыл бұрын
Malware creators are giving Thio a lot of videos to make lately.
@carlospulpo4205 Жыл бұрын
1:50 - RIP all the frequent one-note users that clicked "Don't show me this again" previously when viewing a known non malicious document attachment. So i can see how this may be effective.
@ar12. Жыл бұрын
Perfect might try this on my classmates in my cybersecurity class they’ll never know😅.
@lilBugger35 Жыл бұрын
Good lookin out.
@Aeroguy_09 Жыл бұрын
Well another way to defend against this virus is the classic old file extensions enabled.
@juanmondragon Жыл бұрын
Which websites do you use to get the stock AI videos and AI images?
@CubeAtlantic Жыл бұрын
Always using secure security is requested to obviously stop dealing with these hackers.
Blueberry Lutein
Рет қаралды 153 М.
Кик Обзор
Рет қаралды 52 М.