Emotet malware returns, now distributed via Microsoft OneNote email attachments

Emotet malware is making a comeback, and this time it is using Microsoft OneNote email attachments to try to bypass security restrictions. Emotet is a derivative of the Cridex banking worm and is known as a potent and resilient threat. Other threat actors often use it to run malicious campaigns on a pay-per-install (PPI) model. In late 2021, Emotet started using TrickBot to distribute its dropper malware through spam emails containing attachments. With Microsoft taking steps to block macros in downloaded Office files, OneNote attachments have emerged as an appealing alternative pathway.


