Retefe trojan: targeting German Mac users

The Mac Trojan "Retefe" is hiding, among other things, in an alleged update under OS X or macOS. The malware targets online banking data that is used on the Apple computer. Image: GovCERT

The banking Trojan Retefe is now also aimed at German Mac users. The malicious program, which is designed to capture sensitive data for cyber criminals, was previously distributed mainly in Austria, Switzerland, Sweden, Japan and partly in Great Britain; it is now spreading in this country as well. The Trojan spreads through various channels: via emails and their attachments, via websites and downloads, and similar channels. Retefe is installed through an alleged update of OS X or macOS. I already wrote about an earlier version in the article about the macOS Trojan OSX / Doc.

Retefe trojan: spread via fake DHL e-mails

If you want to protect yourself from the Retefe Trojan in Germany, Austria and Switzerland, you should generally exercise caution and common sense with e-mail. Distribution here takes place mainly via e-mails that allegedly come from DHL and report on a mail item; Proofpoint points this out with details and examples. If you read the mail shown at Proofpoint carefully, it becomes clear that it is not a real DHL message. In addition, the attachment is not in PDF but in Word Doc or Word Docx format.

Alleged app store update brings malware

I borrowed the picture above from this article by the Swiss Government Computer Emergency Response Team (GovCERT). The article traces the history of the Retefe Trojan and shows that the actors behind it are constantly changing the malware and optimizing it for their purposes. However, and this is your great advantage, you can prevent the installation by reading carefully. The dialog in the picture above, which is meant to lead to an update and thereby to the installation of the Trojan software, uses rather clumsy and sometimes incorrect German. A real Apple message would never be worded like this.

Summary

Regardless of whether you do online banking or not, always pay close attention to which email attachments you receive, save and open. Official documents, invoices and the like are never sent as Word documents, but rather as email text or as a PDF file. It is also best to read the text of each dialog window carefully when updating the operating system on an Apple Mac, iMac or MacBook. For more information, I recommend a visit to the linked articles from Proofpoint and GovCERT. Stay clean!
