Evernote Used to Deliver Malware: Report

Dennis Faas's picture

Security firm Trend Micro says it has discovered a malicious software program that employs online notepad service Evernote as a communications tool.

Evernote is a cloud-based note-taking software utility that allows users to place "notes, web clips, files and images ... on every device and computer." (Source: evernote.com)

That means you can make a note about a recently-discovered favorite wine on your smartphone and have that note instantly show up on your home computer.

Unfortunately, it seems this handy little program has been exploited by cyber-crooks.

Evernote Used to Communicate with Hackers

In a recent report, Trend Micro says that the malware is of the "backdoor" variety, meaning it's software that gives hackers the ability to take control of a hacked computer.

Trend Micro says that, in order to retrieve instructions, the malware connects to Evernote. Specifically, Trend Micro threat response engineer Nikko Tamana says the backdoor uses "the Evernote account as a drop-off point for its stolen information." (Source: pcworld.com)

Once a link is made, the malware uses Evernote to communicate stolen personal information, including the name of the system's owner.

Evernote is hardly the first service to be exploited in this way. In the past, Twitter and Google Docs have both been used by malware creators to communicate with infected computers.

"As stealth is the name of the game, misusing legitimate services like Evernote is the perfect way to hide the bad guys' tracks and prevent efforts done by the security researchers," Tamana noted.

Security Challenges Ahead for Cloud Services

Trend Micro chief technology officer Raimund Genes says it's unlikely that this will be the last time hackers target cloud-based file storage services. Why? Because very few IT administrators block these services.

"Nobody's going to block Dropbox or Box," Genes told Ars Technica. (Source: arstechnica.com)

March 2013 was a tough month for Evernote's security team. A few weeks ago the service was forced to reset the passwords of 50 million users upon learning that hackers had stolen personal account data, including user names, email addresses, and encrypted password information.
