Evernote used as command and control server for backdoor

Evernote has become a popular note-taking tool for many users and now it has also become a favorite tool for cyber-criminals.A malware detected as BKDR_VERNOT.A,  uses Evernote as command and control server.The content found consists of an executable file which adds dynamic link library(DLL) file into legitimate process.The DLL file then performs the actual backdoor operations.

These operations include backdoor commands such as downloading, executing, and renaming files. It then gathers information from the infected system, including details about its OS, timezone, user name, computer name, registered owner and organization.This is done by malware trying to connect to Evernote by via https://evernote.com/intl/zh-cn, which is a legitimate URL.

The commands are stored in the notes saved in the Evernote account and  also uses the same account for storing the stolen info.This is a perfect way to hide the malware activities as the traffic generated by the malware is seen as a traffic from Evernote, so considered as a valid traffic.Thus,malware remains undetected.

It’s a clear threat to every Evernote user and goes undetected by most of the security suites.To keep your app clear from such threats ,don’t click on unknown links on websites and emails.

Source:- Trend Micro