June 28, 2016
Avast Security researcher Jaromír Hořejší is reporting that the Retefe banking Trojan is now targeting UK banking customers.
Targeting high street banks like Barclays, HSBC, NatWest and Santander, the Trojan seems to take anything it can get account login credentials for: anything with “.com” and “.co.uk” domains.
Attackers use crafted phishing emails carrying an attachment that contains a malicious script. Once the attachment is opened, the script is triggered; it shuts down all browsers and installs a dodgy certificate. The JavaScript even automates the installation of the certificate by using a PowerShell script.
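The chain described above (script attachment, browsers closed, certificate installed through PowerShell) can be hunted for in process-creation telemetry. The following is an added detection sketch, not code from the Avast report; the event tuples, file names and the `certutil`/`taskkill` command lines are constructed assumptions, since the report does not name the exact commands used.

```python
import re

# Constructed process-creation events: (pid, parent pid, image, command line).
# Shaped like Sysmon Event ID 1 records; not real telemetry.
EVENTS = [
    (100, 1, "explorer.exe", "explorer.exe"),
    (200, 100, "wscript.exe", r'wscript.exe "C:\Users\a\Downloads\invoice.js"'),
    (210, 200, "taskkill.exe", "taskkill /F /IM chrome.exe"),
    (211, 200, "taskkill.exe", "taskkill /F /IM firefox.exe"),
    (220, 200, "powershell.exe", r"powershell -ExecutionPolicy Bypass -File C:\Temp\c.ps1"),
    (230, 220, "certutil.exe", r"certutil -addstore -f Root C:\Temp\x.crt"),
    (300, 100, "cmd.exe", "cmd.exe"),
    (310, 300, "certutil.exe", "certutil -addstore Root corp-ca.crt"),  # admin, by hand
]

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
# Assumed ways of adding a certificate to the trusted root store.
ROOT_INSTALL = re.compile(
    r"certutil(\.exe)?\s.*-addstore\b.*\broot\b|Import-Certificate\b.*\\Root\b", re.I)
BROWSER_KILL = re.compile(r"taskkill\b.*\b(chrome|firefox|iexplore)\.exe", re.I)

def ancestors(pid, by_pid):
    """Yield the event for pid, then each parent, stopping on unknown pids or loops."""
    seen = set()
    while pid in by_pid and pid not in seen:
        seen.add(pid)
        yield by_pid[pid]
        pid = by_pid[pid][1]

def find_cert_install_chains(events):
    """Flag root-store installs that descend from a script host (wscript/cscript)."""
    by_pid = {e[0]: e for e in events}
    findings = []
    for pid, _ppid, _image, cmd in events:
        if not ROOT_INSTALL.search(cmd):
            continue
        chain = list(ancestors(pid, by_pid))
        host = next((a for a in chain[1:] if a[2].lower() in SCRIPT_HOSTS), None)
        if host is None:
            continue  # e.g. an administrator running certutil from cmd.exe
        findings.append({
            "pid": pid,
            "script_host_cmd": host[3],
            "via_powershell": any(a[2].lower() == "powershell.exe" for a in chain),
            # Corroboration: the same script host also terminated browsers.
            "browsers_killed": any(
                BROWSER_KILL.search(e[3]) and host in ancestors(e[0], by_pid)
                for e in events),
        })
    return findings
```

A root-store install with a script-host ancestor is the primary signal; the browser-kill and PowerShell flags raise confidence that it matches the behaviour described here rather than an unrelated admin script.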