Backdoor Uses Evernote as Command-and-Control Server

less than 1 minute read

EvernoteWith its rich functionality and accessibility, Evernote is a popular note-taking tool for its many users. Unfortunately, it may also provide the perfect cover for cybercriminals’ tracks.

We recently uncovered a malware that appears to be using Evernote as a communication and control (C&C) server. The malware attempts to connect to Evernote via, which is a legitimate URL.


The sample we gathered consists of an executable file, which drops a .DLL file and injects it into a legitimate process. The said .DLL file performs the actual backdoor routines.

Read the rest of story in TrendMicro blog:

Leave a comment