Retefe Banking Trojan
Retefe is a banking Trojan which has been identified targeting organisations within the UK. The malware has been around for some time, however, it has never been very prominent when compared to the likes of Dridex.
Retefe is typically distributed by malicious spam emails. The emails contain a malicious Word document containing an Object Linking and Embedding (OLE) object which is used to download an executable payload from a remote server. Retefe has been updated by the attacker to include the EternalBlue exploit.
Affected Platforms:
Microsoft Windows – All Versions.
Resolution:
- Make sure that Server Message Block (SMB) is not internet facing
- .Make sure that patches have been applied for CVE-2017-0144/ MS17-010.
- Consider disabling SMB where appropriate. Where SMB is enabled, ensure that it is properly authenticated.
- Make sure malware definitions are kept up-to-date.
- Monitor network and proxy logs for suspicious activity.
Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.