
Evernote is used as malware control centre


Security researchers have discovered malware that is using Evernote as a command and control (C&C) server, and is possibly storing stolen information in the popular note-taking application.

According to security firm Trend Micro, the malware consists of an executable file, which drops a .DLL file and injects it into a legitimate process. The file, which Trend has termed BKDR_VERNOT.A, can gather details from the infected machine, such as its operating system, location and information on the registered owner and organisation. It can also download, execute and rename files, Trend Micro said.

In a blog post on the find, Nikko Tamaña, threat response engineer at Trend Micro, said that what is interesting about this particular piece of malware is what happens next.

“[The malware] retrieves its C&C server and queries its backdoor commands in the notes saved in its Evernote account. The backdoor may also use the Evernote account as a drop-off point for its stolen information,” Tamaña wrote.

Trend Micro was blocked from accessing the Evernote account, possibly because the account's password was reset during Evernote's previous security incident, when Evernote discovered unauthorised traffic on its network. Evernote said the activity was possibly trying to steal user information and data. As a precaution, it reset passwords for all users.

What is particularly interesting about this latest case, and what is most worrying for enterprises, is that Evernote is a legitimate application and malicious traffic can hide within it.

Tamaña said services such as Evernote are the “perfect way” for cyber criminals to hide their traffic. “Because BKDR_VERNOT.A generates legitimate network traffic, most anti-malware products may not readily detect this behaviour as malicious. This can be troubling news not only for ordinary internet users, but also for organisations with employees using software like Evernote,” he added.

Consumer services such as Evernote, as well as file storage and sharing services such as Google Drive and Dropbox, are becoming increasingly popular with enterprise users. Not only can workers use them on their mobile devices, but they are also quick and easy to use. However, they are also generally unmonitored by IT departments, which can cause a security nightmare.
