UPDATED 13:57 EDT / APRIL 01 2013

NEWS

We Love Evernote, So Does Malware

Evernote is a much loved note-taking tool for several users, but looks like malware too has fallen for it. Harnessing Evernote’s rich functionality, some malware has been discovered using Evernote as a communication and control (C&C) server. Detected as BKDR_VERNOT.A, this malware attempts to connect to Evernote via https://evernote.com/intl/zh-cn, which is a legitimate URL.

The malware has been discovered by security researchers at Trend Micro, and is delivered via an executable file that installs the malware as a dynamic-link library (DLL). Once the malware ties the DLL and starts running, it starts collecting information about the system, such computer’s name, registered owners, the operating system version, and time zone. It then connects to Evernote to fetch information from notes saved in an account, including commands to download, run, and rename files on its host system.

“BKDR_VERNOT.A retrieves its C&C server and queries its backdoor commands in the notes saved in its Evernote account. The backdoor may also use the Evernote account as a drop-off point for its stolen information,” wrote Nikko Tamana, a Trend Micro Threat Response Manager.

“As stealth is the name of the game, misusing legitimate services like Evernote is the perfect way to hide the bad guys’ tracks and prevent efforts done by the security researchers. Because BKDR_VERNOT.A generates a legitimate network traffic, most antimalware products may not readily detect this behavior as malicious. This can be troubling news not only for ordinary Internet users, but also for organizations with employees using software like Evernote.”

But when testing was performed, researchers were not able to log in using the credentials embedded in the malware, perhaps due to the recent security feature implemented by Evernote. So, all you can do is to be cautious with visiting unknown websites and opening email messages, and keep a check on your Evernote account.

“It’s not unknown for malware to use IRC or other networks for command-and-control,” says HackANGLE editor Kyt Dotson. “Twitter, IRC, web pages, and others have been seen being used in order to allow malware to ‘phone home’ and Evernote is just the most recent service to be used in this fashion. As cyber-note-taking services arise, they’ll find themselves becoming communication platforms–and the best part of this is that it looks like regular or proper traffic on the network.”


A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU