Analysis by: Antonio John Pangilinan II

Cybercriminals taking advantage of the popularity of legitimate applications is nothing new, and this spam attack, which leverages Evernote's credibility and usefulness, is one of many examples. The sample we found is simply written and lacks even a graphic resembling legitimate Evernote correspondence, yet it carries malware in an attached archive. Users who open the attachment may find the malware inside, detected as TROJ_DLOADR.SFA, exhibiting its malicious behavior on their systems.

Once again, we remind users not to be taken in by spam, especially messages that come with suspicious attachments. Deleting them as soon as you receive them is more than apt. Trend Micro security offerings detect and block everything related to this malicious spam attack.

 SPAM BLOCKING DATE / TIME: 30 July 2014 GMT-8
 TMASE
  • TMASE Engine: 7.5
  • TMASE Pattern: 0850