This site uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Find out more.X

Evernote is used as malware control centre

Share this article:

Security researchers have discovered malware that is using Evernote as a command and control (C&C) server, and is possibly storing stolen information in the popular note-taking application.

According to security firm Trend Micro, the malware consists of an executable file, which drops a .DLL file and injects it into a legitimate process. The file, which Trend has termed BKDR_VERNOT.A, can gather details from the infected machine, such as its operating system, location and information on the registered owner and organisation. It can also download, execute and rename files, Trend Micro said.

In a blog post on the find, Nikko Tamaña, threat response engineer at Trend Micro, said that what is interesting about this particular piece of malware is what happens next.

“[The malware] retrieves its C&C server and queries its backdoor commands in the notes saved in its Evernote account. The backdoor may also use the Evernote account as a drop-off point for its stolen information,” Tamaña wrote.

The company was blocked from accessing the Evernote account, possibly because the account's password was reset during Evernote's previous security incident, when it discovered unauthorised traffic on its network. The company said the activity was possibly trying to steal user information and data. As a precaution it reset passwords for all users.

What is particularly interesting about this latest case, and what is most worrying for enterprises, is that Evernote is a legitimate application and malicious traffic can hide within it.

Tamaña said services such as Evernote are the “perfect way” for cyber criminals to hide their traffic. “Because BKDR_VERNOT.A generates legitimate network traffic, most anti-malware products may not readily detect this behaviour as malicious. This can be troubling news not only for ordinary internet users, but also for organisations with employees using software like Evernote,” he added.

Consumer services such as Evernote as well as file storage and sharing services such as Google Drive and Dropbox are becoming increasingly popular with enterprise users. Not only can workers use them on their mobile devices but they are also quick and easy to use. However they are also generally unmonitored by IT departments, which can cause a security nightmare.

Share this article:
close

Next Article in News

SC webcasts on demand

This is how to secure data in the cloud


Exclusive video webcast & Q&A sponsored by Vormetric


As enterprises look to take advantage of the cloud, they need to understand the importance of safeguarding their confidential and sensitive data in cloud environments. With the appropriate security safeguards, such as fine-grained access policies, a move to the cloud is as, or more, secure than an on-premise data storage.


View the webcast here to find out more

More in News

Samsung Galaxy S5 fingerprint scanner 'easily hacked'

Samsung Galaxy S5 fingerprint scanner 'easily hacked'

Single step authentication on Galaxy leaves PayPal accounts open to abuse say German researchers.

MSWin 8.1 users must update or lose security patches

MSWin 8.1 users must update or lose security ...

Organisations run the risk of being left defenceless against attackers unless they upgrade from MS Win 8.1

Communication gap indentified between IT and management

Communication gap indentified between IT and management

Bad news is filtered out of communicaiton to the C-suite and 63 percent of IT staff only start talking after a breach has taken place.