Evernote, a popular note-taking service that can be used from anywhere, is now being used by attackers as a command-and-control (C&C) server. Trend Micro recently detected BKDR_VERNOT.A, a backdoor that executes commands from remote malicious users without the victim's knowledge.
The screenshots above, from Trend Micro, describe it in more detail. The sample is an executable that drops a .DLL file and injects it into a legitimate process. That .DLL file performs the backdoor routines. Once installed, BKDR_VERNOT.A can carry out backdoor commands such as executing, renaming and downloading, and it can also gather information such as OS type, computer name, user name, registered username and organization. It can also retrieve its C&C server information and query the backdoor commands saved in the Evernote account.
Unfortunately, Trend Micro says that when it tried to test the sample, it could not log in using the credentials embedded in the malware. Attackers use this approach to hide from security measures and to misuse the service. BKDR_VERNOT.A is able to generate network traffic, and the report notes that this is not the first time: services such as Evernote, Google Docs and many others have been used as a method of evasion.
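Because the C&C traffic goes to a legitimate service, one defensive check is to look at which process on each host is talking to Evernote. The following is an added example, not code from Trend Micro or from the original post; the log format, host names, process names and the expected-process list are all assumptions constructed for illustration.

```python
# Assumption: processes this site expects to talk to Evernote (the client, browsers).
EXPECTED_PROCESSES = {"evernote.exe", "chrome.exe", "firefox.exe", "iexplore.exe"}
EVERNOTE_DOMAIN = "evernote.com"

# Constructed sample telemetry: (timestamp, host, process image name, destination host).
SAMPLE_EVENTS = [
    ("2013-04-01T09:00:02", "WS-014", "Evernote.exe", "www.evernote.com"),
    ("2013-04-01T09:01:10", "WS-014", "chrome.exe", "www.evernote.com"),
    ("2013-04-01T09:35:00", "WS-022", "svchost.exe", "www.evernote.com"),
    ("2013-04-01T09:05:00", "WS-022", "svchost.exe", "www.evernote.com"),
    ("2013-04-01T09:40:11", "WS-022", "chrome.exe", "docs.google.com"),
    ("2013-04-01T09:41:30", "WS-030", "updater.exe", "notevernote.com"),
]


def is_evernote_host(dest):
    """True for evernote.com and its subdomains, not look-alikes such as notevernote.com."""
    dest = dest.lower().rstrip(".")
    return dest == EVERNOTE_DOMAIN or dest.endswith("." + EVERNOTE_DOMAIN)


def unexpected_evernote_clients(events, expected=EXPECTED_PROCESSES):
    """Summarise Evernote connections made by processes outside the expected set.

    Returns {(host, process): {"count", "first_seen", "last_seen"}}.
    """
    findings = {}
    for ts, host, process, dest in sorted(events):  # ISO timestamps sort chronologically
        if not is_evernote_host(dest) or process.lower() in expected:
            continue
        entry = findings.setdefault(
            (host, process.lower()),
            {"count": 0, "first_seen": ts, "last_seen": ts},
        )
        entry["count"] += 1
        entry["last_seen"] = ts
    return findings


if __name__ == "__main__":
    for (host, proc), info in unexpected_evernote_clients(SAMPLE_EVENTS).items():
        print(f"{host}: {proc} contacted Evernote {info['count']} time(s), "
              f"{info['first_seen']} to {info['last_seen']}")
```

The DLL runs inside whatever legitimate process it was injected into, so the process name reported is that host process; if it happens to be one on the expected list, this check will not fire and has to be combined with other telemetry.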
Users are responsible for checking the files they handle to keep their internet surfing safe and secure.