Sneaky Malware Uses Evernote to Communicate
The trouble with keeping everything in one place is that it makes stealing things that much easier. Evernote, a popular app that can store graphics, video, audio and the written word with equal fidelity, recently became the victim of a subtle-but-powerful malware attack. This malevolent software masquerades as a legitimate program process, but has the potential to lift just about all of the pertinent information that consumers use Evernote to store.
The malware, called VERNOT.A, can arrive either on its own from suspicious sites or bundled with other harmful programs. Avoiding it is probably the best strategy, as it's almost impossible to tell if you've been affected. VERNOT.A runs as long as Evernote does, and uses the program to mask its own activities.
The malware is able to steal user info, including the computer's name, its owner's name and place of business, and location. VERNOT.A can also tap into information a user has saved in Evernote. Materials about finances or social activities can be particularly compromising.
One of the most insidious aspects of VERNOT.A is that it transmits the information it steals via seemingly legitimate channels. Because Evernote can distribute content through a variety of online routes, networks do not see outgoing Evernote traffic as an unusual thing. Furthermore, one of its favorite distribution channels is Evernote's Chinese interface — unusual for Western accounts, but still nothing that would automatically set off warning bells.
The malware drafts infected machines into a botnet, which links a number of computers together secretly to communicate information back and forth to command-and-control servers. Under normal circumstances, VERNOT.A uses Evernote to communicate with its botnet. However, this functionality has been inaccessible since an Evernote data breach earlier this month forced all users to reset their passwords, making the functionality's purpose unclear.
Luckily, VERNOT.A is a fairly typical "backdoor" (a program that bypasses standard authentication procedures), and any anti-malware program worth its salt will be able to sweep it up. The trouble, of course, is not getting rid of it, but knowing it's even there in the first place.
VERNOT.A can bypass both personal and corporate firewalls with relative ease, so this is not something you want to risk having on your system. If you use Evernote, run a security sweep and stay vigilant regarding the results. If VERNOT.A shows up, it may be time to change your password, or think very carefully about how many notes you need to take.