The Circle Around Retefe
Several financial institutions in Europe and Japan have been targeted by a malware family known as Retefe.
Retefe is financially motivated malware: it positions itself between a client and the login page of a home or corporate online banking service, intercepting and manipulating that traffic so that it can conduct unauthorized transactions.
Retefe is usually distributed through geographically “targeted” spam campaigns that carry a malicious attachment functioning as a dropper. The main component, once downloaded and executed by the dropper, either changes the system's DNS settings or modifies the local proxy configuration in order to conduct MITM (man-in-the-middle) attacks.
“The Circle around Retefe” will provide technical insight into how the code works on Microsoft Windows, how it interacts with a victim, and how it conducts real-time phishing and circumvents two-factor authentication (2FA). The goal is also to illustrate prevalence based on sinkhole statistics, to provide insight into Retefe's infrastructure, and to offer attribution for the group behind these ongoing attacks.
A technical paper on this topic is planned to be released shortly after the CARO presentation.