Retefe Banking Trojan Uses Root Certificate to Target Customers of UK Banks

After aggressive campaigns in October 2014 and August 2015, the crooks behind the Retefe banking trojan have made updates to their code and added new tricks to the malware’s mode of operation.

By Catalin Cimpanu

The most recent Retefe campaign leverages spam email that distributes documents laced with malicious JavaScript code.

When users open the document and double-click an image embedded inside it, the JS code does two things. It first downloads and installs a rogue root certificate, and then changes the operating system’s proxy auto-config settings.
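A defender-side triage sketch for the two changes described above, added here as an example and not taken from the article or from any Retefe analysis. The snapshot format, the baseline thumbprints and the allowed PAC host are assumptions; collecting the root store and proxy settings from a host is left out.

```python
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Assumptions (not from the article): the approved root thumbprints and the
# corporate PAC host below are placeholders for your own baseline.
BASELINE_ROOTS = {"AA11", "BB22"}
ALLOWED_PAC_HOSTS = {"pac.corp.example"}

def triage(snapshot, window=timedelta(minutes=10)):
    """Return a list of (finding, detail) tuples for one host snapshot."""
    findings = []
    # Step 1 of the described behaviour: a root certificate outside the baseline.
    new_roots = [c for c in snapshot["roots"] if c["thumbprint"] not in BASELINE_ROOTS]
    findings += [("unapproved_root", c["thumbprint"]) for c in new_roots]
    # Step 2: a proxy auto-config URL served from a host you do not operate.
    pac = snapshot.get("pac")
    host = (urlsplit(pac["url"]).hostname or "").lower() if pac else None
    pac_bad = pac is not None and host not in ALLOWED_PAC_HOSTS
    if pac_bad:
        findings.append(("unexpected_pac", pac["url"]))
    # Either change alone has benign causes; both within a short window is the
    # pairing the article describes, so raise it as a separate finding.
    if pac_bad and any(abs(c["added"] - pac["changed"]) <= window for c in new_roots):
        findings.append(("root_plus_pac", snapshot["host"]))
    return findings

# Constructed snapshots for illustration; no value comes from a real infection.
T0 = datetime(2016, 1, 1, 9, 0)
CLEAN = {"host": "ws-01", "pac": {"url": "http://pac.corp.example/proxy.pac", "changed": T0},
         "roots": [{"thumbprint": "AA11", "added": T0}]}
DEV = {"host": "ws-02", "pac": None,
       "roots": [{"thumbprint": "AA11", "added": T0}, {"thumbprint": "CC33", "added": T0}]}
SUSPECT = {"host": "ws-03",
           "pac": {"url": "http://pac.invalid/p.js", "changed": T0 + timedelta(seconds=40)},
           "roots": [{"thumbprint": "BB22", "added": T0}, {"thumbprint": "DD44", "added": T0}]}

if __name__ == "__main__":
    for snap in (CLEAN, DEV, SUSPECT):
        print(snap["host"], triage(snap))
```
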
