- sir appleot - A passion for Apple knights for over 20 years
Chapter in this post:
The banking Trojan Retefe is now also aimed at German Mac users. After the malicious program, which is supposed to tap sensitive data for cyber criminals, was distributed mainly in Austria, Switzerland, Sweden, Japan and partly in Great Britain, it is now raging in this country. The Trojan spreads through various channels: via emails and their attachments, via websites and downloads, and similar channels. The installation of Retefe happens through an alleged update of OS X or macOS. I already talked about an earlier version in the article about the macOS Trojan OSX / Doc written.
the macTrojans "Retefe" is hidden, among other things, in a supposed update under OS X or macOS. The malware targets online banking data used on Apple computers. Image: GovCERT
Retefe trojan: spread via fake DHL e-mails
If you want to protect yourself from the Retefe Trojan in Germany, Austria and Switzerland, you should generally exercise caution and common sense with regard to online mail. Because the distribution takes place here mainly via e-mails that allegedly come from DHL and report on a mail item - points to this with details and examples Proofpoint down. If you read the mail shown at Proofpoint carefully, it becomes clear that it is not a real DHL post. In addition, the attachment is not in PDF but in Word Doc or Word Docx format.
Alleged app store update brings malware
I have the picture above from this article of Swiss Government Computer Emergency Response Team (GovCERT) loaned. This article shows the history of the Retefe Trojan and shows that the actors behind it are constantly changing the system and optimizing it for their purposes. However, and this is your great advantage, you can prevent the installation by reading carefully. Because in the picture above, which should lead to an update or to the installation of the Trojan software, a rather bumpy and sometimes incorrect German is used. A real Apple message would never be designed like this.
Summary
Regardless of whether you do online banking or not, always pay close attention to what email attachments you receive, save and open. Official documents, invoices and the like are never sent as Word documents - rather as email text or as a PDF file. It is also best to read the individual message window texts carefully when updating the operating system of Apple Mac, iMac and MacBook. For more information, I recommend a visit to the linked articles from Proofpoint and GovCERT. Stay clean!
[sc name = "macOS manual"]
Did you like the article and did the instructions on the blog help you? Then I would be happy if you the blog via a Steady Membership or at Patreon would support.
Maybe also interesting?
What is spyware?
What is a Trojan?
appleteams.live - Phishing or other scam disguised as Apple Support
Apple is again letting Mac malware in the App Store
Warning: The Trojan "Emotet" is being sent again via spam mail
Why you shouldn't install antivirus software on your Mac
Emotet - BSI warning against malware (also for Mac computers)
Loapi: Kaspersky discovered modular Trojan for smartphones
After graduating from high school, Johannes completed an apprenticeship as a business assistant specializing in foreign languages. But then he decided to research and write, which resulted in his independence. For several years he has been working for Sir Apfelot, among others. His articles include product introductions, news, manuals, video games, consoles, and more. He follows Apple keynotes live via stream.