- Dec 27, 2014
- 3,423
- Content source
- https://isc.sans.edu/diary/Retefe+is+back+in+town/20957
In short, this one does the same as the previous version did, hijacking your browser to redirect you to a phishing site. Currently most hit are Switzerland, Japan, Austria and Sweden.
After the user runs the file (.js dropper attached to mails), it deletes itself to hide traces of infection.
It hijacks DNS / Certificate to make your browser believe you visit a trusted page (and to redirect you) and to stay undetected by AV.
For our German readers, here's an interesting German article on this topic:
Banking-Trojaner Retefe ist zurück
Thank you for reading