Malicious actors are distributing spear-phishing emails with malicious Microsoft OneNote documents to infect users with backdoors, remote access trojans, and information stealers.
The malicious software used in the campaigns include Qbot, AsyncRAT, Agent Tesla, DOUBLEBACK, Netwire, QuasarRAT, RedLine Stealer, and XWorm.
Multiple Windows binaries are used to carry out the operation including PowerShell, cmd.exe, and curl.exe.