This site uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Find out more.X

Evernote is used as malware control centre

Share this article:

Security researchers have discovered malware that is using Evernote as a command and control (C&C) server, and is possibly storing stolen information in the popular note-taking application.

According to security firm Trend Micro, the malware consists of an executable file, which drops a .DLL file and injects it into a legitimate process. The file, which Trend has termed BKDR_VERNOT.A, can gather details from the infected machine, such as its operating system, location and information on the registered owner and organisation. It can also download, execute and rename files, Trend Micro said.

In a blog post on the find, Nikko Tamaña, threat response engineer at Trend Micro, said that what is interesting about this particular piece of malware is what happens next.

“[The malware] retrieves its C&C server and queries its backdoor commands in the notes saved in its Evernote account. The backdoor may also use the Evernote account as a drop-off point for its stolen information,” Tamaña wrote.

The company was blocked from accessing the Evernote account, possibly because the account's password was reset during Evernote's previous security incident, when it discovered unauthorised traffic on its network. The company said the activity was possibly trying to steal user information and data. As a precaution it reset passwords for all users.

What is particularly interesting about this latest case, and what is most worrying for enterprises, is that Evernote is a legitimate application and malicious traffic can hide within it.

Tamaña said services such as Evernote are the “perfect way” for cyber criminals to hide their traffic. “Because BKDR_VERNOT.A generates legitimate network traffic, most anti-malware products may not readily detect this behaviour as malicious. This can be troubling news not only for ordinary internet users, but also for organisations with employees using software like Evernote,” he added.

Consumer services such as Evernote as well as file storage and sharing services such as Google Drive and Dropbox are becoming increasingly popular with enterprise users. Not only can workers use them on their mobile devices but they are also quick and easy to use. However they are also generally unmonitored by IT departments, which can cause a security nightmare.

Share this article:
close

Next Article in News

SC webcasts on demand

This is how to secure data in the cloud


Exclusive video webcast & Q&A sponsored by Vormetric


As enterprises look to take advantage of the cloud, they need to understand the importance of safeguarding their confidential and sensitive data in cloud environments. With the appropriate security safeguards, such as fine-grained access policies, a move to the cloud is as, or more, secure than an on-premise data storage.


View the webcast here to find out more

More in News

VC cyber security funding tops £850 million

VC cyber security funding tops £850 million

A new study from US-based research firm CBI Insights reveals that corporate cyber security investments have risen five-fold since 2009, with 30 percent growth in the last year alone.

Russian/Chinese cyber-security pact raises concerns

Russian/Chinese cyber-security pact raises concerns

News that Russia and China are set to sign a cyber-security treaty next month have left Western cyber experts unsure whether it is a threat or a promising development.

UK police arrest trio over £1.6 million cyber theft from cash machines

UK police arrest trio over £1.6 million cyber ...

London Police have arrested three suspected members of an Eastern European cyber-crime gang who installed malware on more than 50 bank ATM machines across the UK to steal £1.6 million.