A phishing campaign was recently discovered leveraging OneNote, Microsoft s digital notebook that automatically saves and syncs notes, to bypass detection tools and download malware onto victims systems. The attack first started with an email to victims that contained a link to the OneNote document. Researchers with Cofense said the attacker was utilizing OneNote as a way to easily experiment with various lures that either delivered the credential-stealing Agent Tesla keylogger or linked to a phishing page.
Source: https://threatpost.com/microsoft-onenote-sidestep-phishing-detection/153436/