Evernote account used to deliver instructions to malware
A piece of malicious software spotted by Trend Micro uses the note-taking service Evernote as a place to pick up new instructions.
The malware is a backdoor, or a kind of software that allows an attacker to execute various actions on a hacked computer. Trend Micro found it tries to connect to Evernote in order to obtain new commands.
“The backdoor may also use the Evernote account as a drop-off point for its stolen information,” wrote Nikko Tamana, a Trend Micro threat response engineer.
It’s not unheard of for hackers to design malware to abuse legitimate services, either to make the malware more difficult to trace or give it a less suspicious profile. In the past, Twitter and Google Docs have been used by hackers to post instructions for their botnets.
“As stealth is the name of the game, misusing legitimate services like Evernote is the perfect way to hide the bad guys’ tracks and prevent efforts done by the security researchers,” Tamana wrote.
This particular malware, which Trend Micro named “BKDR_VERNOT.A,” tries to obtain instructions from a note in an Evernote account. For some reason, the login credentials within the malware did not appear to work when Trend Micro was testing it.
“This is possibly a security measure imposed by Evernote following its recent hacking issue,” Tamana wrote.
Earlier this month, Evernote reset the passwords for 50 million of its users after hackers obtained access to account usernames, email addresses and encrypted passwords.
Evernote officials couldn’t be immediately reached for comment.