
Banker Trojan Retefe Targeting Prominent Bank Clients


An attack involving the Retefe banking Trojan spreads through spam e-mails carrying files that contain malicious JavaScript code. As soon as a recipient opens one of these files, or a graphic embedded in it, the JavaScript does two things: it downloads and installs a rogue root certificate, and it alters the proxy auto-configuration (PAC) settings of the host computer's operating system.

The Trojan, which targets well-known banks such as HSBC, Barclays, Santander and NatWest, appears to collect anything it can, notably account login details for any website under a ".co.uk" or ".com" domain name.

The attack uses crafty phishing e-mails carrying an attachment that holds a malicious script. When opened, the script closes all web browsers and then loads a dubious certificate. The JavaScript then has the certificate installed automatically with the help of a PowerShell script. Scmagazine.com reported this on June 28, 2016.

Armed with the rogue certificate and the altered proxy settings, the attackers can intercept the victim's web traffic from their own Internet-connected systems. They then know when the infected end-user visits a banking website and can serve that user a phony site instead, one that displays a seemingly genuine HTTPS connection but is in fact secured by the attackers' own certificate.
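The two host changes described above, a PAC override and a rogue root certificate, both leave visible traces on a Windows machine. The following audit script is an added example, not code from the article or from any Retefe sample; it assumes only the standard WinINet registry location and the standard certificate store names, and flags a configured PAC URL or static proxy plus any root CA that is trusted by the current user but not by the machine (a user-level root can be installed without administrator rights, which is what makes it attractive to malware).

```powershell
# Added example (not from the article): audit for the two host changes the
# article describes, a proxy auto-config (PAC) override and a user-installed
# root CA. Assumptions: standard WinINet registry path and standard certificate
# store names; no Retefe-specific indicators are used.

$inetKey  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$findings = @()

# 1. Proxy settings honoured by WinINet (Internet Explorer and many other apps).
#    AutoConfigURL points at a PAC script; ProxyServer is a static proxy.
$inet = Get-ItemProperty -Path $inetKey -ErrorAction SilentlyContinue
if ($inet -and $inet.AutoConfigURL) {
    $findings += [pscustomobject]@{
        Check  = 'AutoConfigURL'
        Value  = $inet.AutoConfigURL
        Reason = 'PAC script configured; a PAC can steer selected domains through an attacker proxy'
    }
}
if ($inet -and $inet.ProxyEnable -eq 1 -and $inet.ProxyServer) {
    $findings += [pscustomobject]@{
        Check  = 'ProxyServer'
        Value  = $inet.ProxyServer
        Reason = 'static proxy enabled'
    }
}

# 2. Root CAs present only in the per-user Root store. The CurrentUser\Root view
#    also includes machine roots, so anything whose thumbprint is absent from
#    LocalMachine\Root was added for this user account alone. A few legitimate
#    applications do this, so review each hit rather than treating it as proof.
$machineRoots = Get-ChildItem Cert:\LocalMachine\Root | Select-Object -ExpandProperty Thumbprint
$userRoots    = Get-ChildItem Cert:\CurrentUser\Root
foreach ($cert in $userRoots) {
    if ($machineRoots -notcontains $cert.Thumbprint) {
        $findings += [pscustomobject]@{
            Check  = 'UserRootCA'
            Value  = "$($cert.Subject) [$($cert.Thumbprint)] valid from $($cert.NotBefore)"
            Reason = 'root CA trusted only by this user account'
        }
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'No PAC override, static proxy or user-only root CA found.'
} else {
    $findings | Format-Table -AutoSize -Wrap
}
```

Run it in the context of the user whose browser is suspect, since both the registry key and the certificate store are per-user. A hit on AutoConfigURL is worth inspecting directly: fetch the PAC script from a clean machine and read which hosts its FindProxyForURL function sends to a proxy rather than returning DIRECT.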

The crooks then log in with the end-user's credentials, captured by genuine-looking phishing pages that simply copy the real banking sites.

Meanwhile, banks have issued alerts to customers about the spam attack, although many end-users may already be infected.

In August last year, Retefe also targeted people in Switzerland and Sweden.

According to Jaromir Horejsi of Avast, this kind of malware poses a severe danger to unaware end-users, since people normally trust the certificate icons displayed by HTTPS websites and carry on browsing without checking which company issued the certificate. As a result, Retefe steals money and/or vital data quite easily.

The PowerShell script could be contained by running it inside isolated micro-virtualization, where it could not escape to the rest of the computer, would have nothing to grab, and would have no way to persist.

» SPAMfighter News - 7/5/2016
