Malware has been found using Evernote as a command and control (C&C) server and possibly as a means to store stolen information.
The malware consists of an executable file which dropped a DLL file, injected into a legitimate process, Trend Micro researchers say.
The file (BKDR_VERNOT.A) can gather deatils of a infected machine's operating system, location and information on the registered owner and organisation.It can also download, execute and rename files, Trend Micro said.
“[The malware] retrieves its C&C server and queries its backdoor commands in the notes saved in its Evernote account," Threat response engineer Nikko Tamaña said.
"The backdoor may also use the Evernote account as a drop-off point for its stolen information,”
The company was blocked from accessing the Evernote account, possibly because the account's password was reset during Evernote's previous security incident when it discovered unauthorised traffic on its network.
The company said the activity was possibly trying to steal user information and data. As a precaution it reset passwords for all users.
Tamaña said services such as Evernote are the “perfect way” for cyber criminals to hide their traffic.
“Because BKDR_VERNOT.A generates legitimate network traffic, most anti-malware products may not readily detect this behaviour as malicious. This can be troubling news not only for ordinary internet users, but also for organisations with employees using software like Evernote,” he added.
Consumer services such as Evernote as well as file storage and sharing services such as Google Drive and Dropbox are becoming increasingly popular with enterprise users.
Not only can workers use them on their mobile devices but they are also quick and easy to use. However they are also generally unmonitored by IT departments, which can cause a security nightmare.