Retefe
Posted: October 14, 2014
Threat Metric
The following fields listed on the Threat Meter containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Ranking: | 14,827 |
|---|---|
| Threat Level: | 9/10 |
| Infected PCs: | 653 |
| First Seen: | October 14, 2014 |
|---|---|
| Last Seen: | October 7, 2023 |
| OS(es) Affected: | Windows |
Retefe is a banking Trojan that intercepts your bank account information, while eschewing any display of symptoms of a major breach in your PC's security. Retefe previously was seen in campaigns against European banks, but new variants of Retefe have been reconfigured to attack customers of Japanese banking sites. As per usual for any high-level threat, specialized anti-malware solutions and PC security professionals should be used to resolve the setting changes that allow Retefe to collect your privileged information. Afterward, contacting your bank personally is highly recommended.
Retefe: the Case of the Vanishing Spyware
Although banking Trojans like Zeus, Trojan.Shylock or Trojan.Komodola all are far from uncommon threats, the majority of these Trojans remain resident on the PC that they attack. Retefe merits additional warnings due to its tactic of deleting itself only after Retefe already has compromised your computer, which allows information to be gathered without your security software detecting any installed threats. As a result, Retefe may only be detected prior to its full payload delivery, which involves modifying your browser settings in 'Man-in-the-Middle' style attacks.
Retefe's browser modifications may cause specified bank websites to deliver account information entered by its holders to non-secure domains. A fake certificate implemented by Retefe prevents the PC user from identifying any lack of genuine SSL protection (which is identifiable by the lock icon displayed near the Web browser's URL bar). In the past, bank sites belonging to nations like Switzerland and Austria were the targets. However, new versions of Retefe have attacked users of such Asian banks as Musashino Bank, Miyazaki Bank, Daishi Bank and Chiba Bank.
Malware researchers particularly emphasize that these MitM attacks do not display any symptoms that could trigger suspicion from Retefe's victims. However, some aspects of Retefe's installation may generate misleading pop-ups (such as installation prompts for fake mobile security applications).
Dealing with the Spyware that's Already Gone
If at all possible, Retefe should be intercepted before its installation. Most Retefe campaigns distribute this threat through spam e-mail messages, which may encompass Trojan installer-based file attachments or links to corrupted websites. These e-mail messages target specific businesses or individuals, and invariably are disguised to resemble the communications of legitimate companies (such as the Zalando e-retailer).
When you suspect that Retefe has compromised your PC, malware experts recommend attending to the breach of your PC's security before making any further use of your Web browser on sensitive websites. DNS settings should be reset, and you should use appropriate system maintenance tools to delete Retefe's certificate from your Windows Registry. After Retefe's system changes have been removed, your bank can provide additional advice on how to deal with any breaches of your account.
Mobile phone users also should take particular steps to guard against the interception of account authentication messages by related threats, such as Retefe's fake mobile app component.
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.