A list of financial institutions has been spotted in the configuration file of the Retefe malware.
Retefe is a Trojan designed for man-in-the-middle attacks: it intercepts the connection between the user and the bank by changing the DNS (Domain Name System) settings, which lets the attacker route the connection through the cyber criminal's infrastructure and gain full access to the traffic without raising the victim's suspicion.
Analysis of the malware by CSIS found that the set of targets had been modified and included more than 30 web pages belonging to several banks in Japan. The malware is not new; it has previously received attention from both security researchers and the media, as it was employed in what Trend Micro dubbed Operation Emmental.