New malicious software uses Evernote, which is a note-taking service, as a place to pick up new instructions.
The malware is a backdoor, or a kind of software that allows an attacker to execute various actions on a hacked computer, said researchers at Trend Micro. What the malware does is it tries to connect to Evernote in order to obtain new commands.
“The backdoor may also use the Evernote account as a drop-off point for its stolen information,” said Nikko Tamana, a Trend Micro threat response engineer.
It’s not unheard of for hackers to design malware to abuse legitimate services, either to make the malware more difficult to trace or give it a less suspicious profile. In the past, hackers have used Twitter and Google Docs to post instructions for their botnets.
“As stealth is the name of the game, misusing legitimate services like Evernote is the perfect way to hide the bad guys’ tracks and prevent efforts done by the security researchers,” Tamana said.
This particular malware, which Trend Micro named “BKDR_VERNOT.A,” tries to obtain instructions from a note in an Evernote account. For some reason, the login credentials within the malware did not appear to work when Trend Micro was testing it.
“This is possibly a security measure imposed by Evernote following its recent hacking issue,” Tamana said.
Earlier this month, Evernote reset the passwords for 50 million of its users after hackers obtained access to account usernames, email addresses and encrypted passwords.