Cyber criminals are using popular note-taking app Evernote as Command-and-Control Server to give commands to the malware installed on infected PCs using botnets.
TrendMicro uncovered a malware detected as “BKDR_VERNOT.A” tried to communicate with Command-and-Control Server using Evernote.
Malware delivered via an executable file that installs the malware as a
dynamic-link library. The installer then ties the DLL into a legitimate
running process, hiding it from casual detection. Once installed,
BKDR_VERNOT.A can perform several backdoor commands such as downloading,
executing, and renaming files. It then gathers information from the
infected system, including details about its OS, timezone, user name,
computer name, registered owner and organization.
Researchers also pointed out that the backdoor may have also used Evernote as a location to upload stolen data. "Unfortunately,
during our testing, it was not able to login using the credentials
embedded in the malware. This is possibly a security measure imposed by
Evernote following its recent hacking issue."
No comments:
Post a Comment