EternalBlue exploit used in Swiss campaigns by Retefe malware

Haythem Elmir

Trojan uses NSA EternalBlue exploit to hijack computers for new ransomware campaign targeting unpatched

Hackers behind the Retefe malware have added the NSA EternalBlue exploit to the malware to help it spread beyond the initially infected machine and into the rest of a victim's network.

Researchers at Proofpoint said that the addition of limited network propagation capabilities may represent an “emerging trend for the threat landscape as 2018 approaches”.

In a blog post, researchers said that while Retefe has never reached the scale or notoriety of better-known banking Trojans such as Dridex or Zeus, it is notable for its consistent regional focus and interesting implementation.

“Unlike Dridex or other banking trojans that rely on webinjects to hijack online banking sessions, Retefe operates by routing traffic to and from the targeted banks through various proxy servers, often hosted on the TOR network,” said researchers.

Researchers said that in recent months, Retefe has generally been delivered in malicious unsolicited email campaigns containing Microsoft Office document attachments. These attachments contain embedded Package Shell Objects, or OLE Objects, that are typically Windows Shortcut “.lnk” files.
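The delivery chain described above (an Office attachment carrying an embedded OLE Package object that is really a Windows shortcut) is something a mail gateway or incident responder can check for without opening the document. The script below is an added example, not code from Proofpoint or from the original article: it scans an Office document for embedded objects whose bytes contain the Shell Link (.lnk) header, which is the fixed 20-byte sequence of the header size 0x4C followed by the ShellLink CLSID {00021401-0000-0000-C000-000000000046}. The sample documents it builds are constructed stand-ins (a minimal zip with a `word/embeddings/` member), not real Retefe lures, and the Ole10Native-style leading bytes in the malicious sample are an assumption about layout, which is why the detector searches the whole embedded blob rather than parsing it.

```python
import io
import zipfile

# Shell Link header: HeaderSize 0x0000004C (little-endian) followed by the
# ShellLink CLSID 00021401-0000-0000-C000-000000000046 in on-disk GUID layout.
LNK_MAGIC = bytes.fromhex("4C000000" "01140200" "0000" "0000" "C000000000000046")


def scan_office_document(data: bytes) -> list:
    """Return one finding per embedded object that carries a .lnk header.

    OOXML files (.docx/.xlsx) are zips; embedded OLE objects live under a
    '.../embeddings/' folder. The shortcut may be wrapped in an Ole10Native
    stream, so the signature is searched for anywhere inside the blob.
    """
    findings = []
    if not zipfile.is_zipfile(io.BytesIO(data)):
        # Legacy binary formats (.doc/.xls) are OLE compound files, not zips.
        # Fall back to a raw byte search so those are not silently skipped.
        offset = data.find(LNK_MAGIC)
        if offset != -1:
            findings.append({"member": "<raw>", "offset": offset, "size": len(data)})
        return findings

    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            if "/embeddings/" not in name:
                continue
            blob = zf.read(name)
            offset = blob.find(LNK_MAGIC)
            if offset != -1:
                findings.append({"member": name, "offset": offset, "size": len(blob)})
    return findings


def build_sample_docx(embed_lnk: bool) -> bytes:
    """Constructed minimal OOXML container used only to exercise the scanner."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if embed_lnk:
            # Assumed Ole10Native-style layout: some header bytes, the original
            # file name, then the raw shortcut payload. Constructed, not real.
            payload = b"\x00" * 32 + b"payload.lnk\x00" + LNK_MAGIC + b"\x00" * 64
        else:
            # Benign embedded object: an OLE compound-file header with no .lnk.
            payload = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 120
        zf.writestr("word/embeddings/oleObject1.bin", payload)
    return buf.getvalue()


if __name__ == "__main__":
    for label, doc in (("malicious", build_sample_docx(True)),
                       ("benign", build_sample_docx(False))):
        print(label, scan_office_document(doc))
```

The match is a strong indicator rather than proof: a legitimately embedded shortcut would trigger it too, so in a gateway the sensible action is to quarantine for review and log the member name and offset, both of which the scanner returns.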
