{"id":640,"date":"2016-11-14T09:33:49","date_gmt":"2016-11-14T08:33:49","guid":{"rendered":"http:\/\/dev.m-q.ch\/?p=640"},"modified":"2016-12-12T09:35:19","modified_gmt":"2016-12-12T08:35:19","slug":"banking-trojan-uses-false-certificate","status":"publish","type":"post","link":"https:\/\/www.m-q.ch\/en\/banking-trojan-uses-false-certificate\/","title":{"rendered":"Banking Trojan uses false certificate"},"content":{"rendered":"
\"\"<\/a>
Not just Tesco Bank, Pay Pal and European institutions are also affected. (Image: Depositphotos: Johan_Swanepoel)<\/figcaption><\/figure>\n

\"The possible link between the massive attack on Tesco Bank, where thousands of customers lost their savings, and the Retefe banking Trojan is scary,\" commented Peter Stan\u010d\u00edk, ESET Security Evangelist.<\/p><\/blockquote>\n

In its current form, the so-called JS\/ Retefe malware has been active since at least February 2016. It searches for users' online banking credentials and then misuses them to conduct fraudulent transactions.<\/p>\n

malicious attachment<\/strong><\/p>\n

Detected by ESET as JS\/Retefe, the malicious code is usually distributed as an email attachment. In most cases, the mail pretends to contain an invoice from a mail-order company. Once the attachment is opened, several components are installed, including the Tor anonymization service. This is used to configure a proxy for selected banking sites.<\/p>\n

In some cases, the malware tried to trick the user into installing a mobile app. ESET detects this threat as Android\/Spy.Banker.EZ. The app was used to bypass two-factor authentication.<\/p>\n

Forged certificate<\/strong><\/p>\n

Retefe has a fake \"root certificate\". It gives the impression that it was issued and verified by the well-known certification authority Comodo. From the user's perspective, the fraud is very difficult to detect.<\/p>\n

Security researchers had already become aware of Retefe in the past. Most recently, bank customers in the UK fell victim to the Trojan. Since then, it has added further mobile components and expanded the target list. Affected institutions include major banks in Switzerland, the UK and Austria, as well as popular services such as Facebook and PayPal.<\/p>\n

\"The possible link between the massive attack on Tesco Bank, where thousands of customers lost their savings, and the Retefe banking Trojan is scary,\" commented Peter Stan\u010d\u00edk, ESET Security Evangelist.<\/p>\n

Users of the affected services are advised to manually check certain compatibility indicators or use ESET's automated Retefe Checker website.<\/p>\n

A step-by-step guide can be found on the ESET blog WeLiveSecurity under this Link <\/a><\/em><\/p>\n

www.eset.com\/ch-de<\/a><\/p>","protected":false},"excerpt":{"rendered":"

\u201eThe possible link between the massive attack on Tesco Bank, in which thousands of customers lost their savings, and the Retefe banking Trojan is frightening,\u201c comments Peter Stan\u010d\u00edk, ESET Security Evangelist. In its current form, the so-called JS\/ Retefe malware has been active since at least February 2016. It searches for users' online banking credentials and abuses [...]<\/p>","protected":false},"author":1,"featured_media":63,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[3355,3363],"class_list":["post-640","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-unkategorisiert","tag-cyber-crime","tag-physische-it-sicherheit"],"acf":[],"yoast_head":"\nBanking-Trojaner verwendet falsches Zertifikat - MQ Management und Qualit\u00e4t<\/title>\n<meta name=\"description\" content=\"Die sogenannte Retefe-Malware hat die Tesco Bank und zahlreiche weitere Banken und Services auf ihrer Zielliste. Das hat der europ\u00e4ische Security-Software-Hersteller ESET festgestellt. Der Trojaner wurde von den ESET Threat Intelligence Services enttarnt.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.m-q.ch\/en\/banking-trojan-uses-false-certificate\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Banking-Trojaner verwendet falsches Zertifikat - MQ Management und Qualit\u00e4t\" \/>\n<meta property=\"og:description\" content=\"Die sogenannte Retefe-Malware hat die Tesco Bank und zahlreiche weitere Banken und Services auf ihrer Zielliste. Das hat der europ\u00e4ische Security-Software-Hersteller ESET festgestellt. Der Trojaner wurde von den ESET Threat Intelligence Services enttarnt.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.m-q.ch\/en\/banking-trojan-uses-false-certificate\/\" \/>\n<meta property=\"og:site_name\" content=\"MQ Management und Qualit\u00e4t\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/ManagementUndQualitaet\" \/>\n<meta property=\"article:published_time\" content=\"2016-11-14T08:33:49+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2016-12-12T08:35:19+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.m-q.ch\/wp-content\/uploads\/2016\/12\/Banking-Trojaner-verwendet-falsches-Zertifikat-management-und-qualitaet.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"640\" \/>\n\t<meta property=\"og:image:height\" content=\"457\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"galledia\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"galledia\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.m-q.ch\/de\/banking-trojaner-verwendet-falsches-zertifikat\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.m-q.ch\/de\/banking-trojaner-verwendet-falsches-zertifikat\/\"},\"author\":{\"name\":\"galledia\",\"@id\":\"https:\/\/www.m-q.ch\/fr\/#\/schema\/person\/c0139a2c55a374db6df2cde78ec87148\"},\"headline\":\"Banking-Trojaner verwendet falsches Zertifikat\",\"datePublished\":\"2016-11-14T08:33:49+00:00\",\"dateModified\":\"2016-12-12T08:35:19+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.m-q.ch\/de\/banking-trojaner-verwendet-falsches-zertifikat\/\"},\"wordCount\":352,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.m-q.ch\/fr\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.m-q.ch\/de\/banking-trojaner-verwendet-falsches-zertifikat\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.m-q.ch\/wp-content\/uploads\/2016\/12\/Banking-Trojaner-verwendet-falsches-Zertifikat-management-und-qualitaet.jpg\",\"keywords\":[\"Cyber-Crime\",\"Physische IT-Sicherheit\"],\"articleSection\":[\"Unkategorisiert\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.m-q.ch\/de\/banking-trojaner-verwendet-falsches-zertifikat\/\",\"url\":\"https:\/\/www.m-q.ch\/de\/banking-trojaner-verwendet-falsches-zertifikat\/\",\"name\":\"Banking-Trojaner verwendet falsches Zertifikat - MQ Management und Qualit\u00e4t\",\"isPartOf\":{\"@id\":\"https:\/\/www.m-q.ch\/fr\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.m-q.ch\/de\/banking-trojaner-verwendet-falsches-zertifikat\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.m-q.ch\/de\/banking-trojaner-verwendet-falsches-zertifikat\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.m-q.ch\/wp-content\/uploads\/2016\/12\/Banking-Trojaner-verwendet-falsches-Zertifikat-management-und-qualitaet.jpg\",\"datePublished\":\"2016-11-14T08:33:49+00:00\",\"dateModified\":\"2016-12-12T08:35:19+00:00\",\"description\":\"Die sogenannte Retefe-Malware hat die Tesco Bank und zahlreiche weitere Banken und Services auf ihrer Zielliste. Das hat der europ\u00e4ische Security-Software-Hersteller ESET festgestellt. Der Trojaner wurde von den ESET Threat Intelligence Services enttarnt.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.m-q.ch\/de\/banking-trojaner-verwendet-falsches-zertifikat\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.m-q.ch\/de\/banking-trojaner-verwendet-falsches-zertifikat\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.m-q.ch\/de\/banking-trojaner-verwendet-falsches-zertifikat\/#primaryimage\",\"url\":\"https:\/\/www.m-q.ch\/wp-content\/uploads\/2016\/12\/Banking-Trojaner-verwendet-falsches-Zertifikat-management-und-qualitaet.jpg\",\"contentUrl\":\"https:\/\/www.m-q.ch\/wp-content\/uploads\/2016\/12\/Banking-Trojaner-verwendet-falsches-Zertifikat-management-und-qualitaet.jpg\",\"width\":640,\"height\":457,\"caption\":\"Nicht nur die Tesco Bank, ebenso sind Pay Pal und Europ\u00e4ische Institute betroffen. (Bild: Depositphotos: Johan_Swanepoel)\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.m-q.ch\/de\/banking-trojaner-verwendet-falsches-zertifikat\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Unkategorisiert\",\"item\":\"https:\/\/www.m-q.ch\/it\/categoria\/senza-categoria\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Banking-Trojaner verwendet falsches Zertifikat\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.m-q.ch\/fr\/#website\",\"url\":\"https:\/\/www.m-q.ch\/fr\/\",\"name\":\"MQ Management und Qualit\u00e4t\",\"description\":\"Plattform f\u00fcr integrierte Managementsysteme.\",\"publisher\":{\"@id\":\"https:\/\/www.m-q.ch\/fr\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.m-q.ch\/fr\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.m-q.ch\/fr\/#organization\",\"name\":\"Galledia Fachmedien AG\",\"url\":\"https:\/\/www.m-q.ch\/fr\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.m-q.ch\/fr\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.m-q.ch\/wp-content\/uploads\/2020\/12\/cropped-logo_small.png\",\"contentUrl\":\"https:\/\/www.m-q.ch\/wp-content\/uploads\/2020\/12\/cropped-logo_small.png\",\"width\":512,\"height\":512,\"caption\":\"Galledia Fachmedien AG\"},\"image\":{\"@id\":\"https:\/\/www.m-q.ch\/fr\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/ManagementUndQualitaet\",\"https:\/\/www.linkedin.com\/showcase\/17982321\/admin\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.m-q.ch\/fr\/#\/schema\/person\/c0139a2c55a374db6df2cde78ec87148\",\"name\":\"galledia\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.m-q.ch\/fr\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/66edf527eac29e9a5eb25bcada01f61a?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/66edf527eac29e9a5eb25bcada01f61a?s=96&d=mm&r=g\",\"caption\":\"galledia\"},\"url\":\"https:\/\/www.m-q.ch\/en\/author\/galledia\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Banking Trojan uses wrong certificate - MQ Management und Qualit\u00e4t","description":"The so-called Retefe malware has Tesco Bank and numerous other banks and services on its target list. This was discovered by the European security software manufacturer ESET. The Trojan was detected by ESET Threat Intelligence Services.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.m-q.ch\/en\/banking-trojan-uses-false-certificate\/","og_locale":"en_US","og_type":"article","og_title":"Banking-Trojaner verwendet falsches Zertifikat - MQ Management und Qualit\u00e4t","og_description":"Die sogenannte Retefe-Malware hat die Tesco Bank und zahlreiche weitere Banken und Services auf ihrer Zielliste. Das hat der europ\u00e4ische Security-Software-Hersteller ESET festgestellt. Der Trojaner wurde von den ESET Threat Intelligence Services enttarnt.","og_url":"https:\/\/www.m-q.ch\/en\/banking-trojan-uses-false-certificate\/","og_site_name":"MQ Management und Qualit\u00e4t","article_publisher":"https:\/\/www.facebook.com\/ManagementUndQualitaet","article_published_time":"2016-11-14T08:33:49+00:00","article_modified_time":"2016-12-12T08:35:19+00:00","og_image":[{"width":640,"height":457,"url":"https:\/\/www.m-q.ch\/wp-content\/uploads\/2016\/12\/Banking-Trojaner-verwendet-falsches-Zertifikat-management-und-qualitaet.jpg","type":"image\/jpeg"}],"author":"galledia","twitter_card":"summary_large_image","twitter_misc":{"Written by":"galledia","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.m-q.ch\/de\/banking-trojaner-verwendet-falsches-zertifikat\/#article","isPartOf":{"@id":"https:\/\/www.m-q.ch\/de\/banking-trojaner-verwendet-falsches-zertifikat\/"},"author":{"name":"galledia","@id":"https:\/\/www.m-q.ch\/fr\/#\/schema\/person\/c0139a2c55a374db6df2cde78ec87148"},"headline":"Banking-Trojaner verwendet falsches Zertifikat","datePublished":"2016-11-14T08:33:49+00:00","dateModified":"2016-12-12T08:35:19+00:00","mainEntityOfPage":{"@id":"https:\/\/www.m-q.ch\/de\/banking-trojaner-verwendet-falsches-zertifikat\/"},"wordCount":352,"commentCount":0,"publisher":{"@id":"https:\/\/www.m-q.ch\/fr\/#organization"},"image":{"@id":"https:\/\/www.m-q.ch\/de\/banking-trojaner-verwendet-falsches-zertifikat\/#primaryimage"},"thumbnailUrl":"https:\/\/www.m-q.ch\/wp-content\/uploads\/2016\/12\/Banking-Trojaner-verwendet-falsches-Zertifikat-management-und-qualitaet.jpg","keywords":["Cyber-Crime","Physische IT-Sicherheit"],"articleSection":["Unkategorisiert"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.m-q.ch\/de\/banking-trojaner-verwendet-falsches-zertifikat\/","url":"https:\/\/www.m-q.ch\/de\/banking-trojaner-verwendet-falsches-zertifikat\/","name":"Banking Trojan uses wrong certificate - MQ Management und Qualit\u00e4t","isPartOf":{"@id":"https:\/\/www.m-q.ch\/fr\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.m-q.ch\/de\/banking-trojaner-verwendet-falsches-zertifikat\/#primaryimage"},"image":{"@id":"https:\/\/www.m-q.ch\/de\/banking-trojaner-verwendet-falsches-zertifikat\/#primaryimage"},"thumbnailUrl":"https:\/\/www.m-q.ch\/wp-content\/uploads\/2016\/12\/Banking-Trojaner-verwendet-falsches-Zertifikat-management-und-qualitaet.jpg","datePublished":"2016-11-14T08:33:49+00:00","dateModified":"2016-12-12T08:35:19+00:00","description":"The so-called Retefe malware has Tesco Bank and numerous other banks and services on its target list. This was discovered by the European security software manufacturer ESET. The Trojan was detected by ESET Threat Intelligence Services.","breadcrumb":{"@id":"https:\/\/www.m-q.ch\/de\/banking-trojaner-verwendet-falsches-zertifikat\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.m-q.ch\/de\/banking-trojaner-verwendet-falsches-zertifikat\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.m-q.ch\/de\/banking-trojaner-verwendet-falsches-zertifikat\/#primaryimage","url":"https:\/\/www.m-q.ch\/wp-content\/uploads\/2016\/12\/Banking-Trojaner-verwendet-falsches-Zertifikat-management-und-qualitaet.jpg","contentUrl":"https:\/\/www.m-q.ch\/wp-content\/uploads\/2016\/12\/Banking-Trojaner-verwendet-falsches-Zertifikat-management-und-qualitaet.jpg","width":640,"height":457,"caption":"Nicht nur die Tesco Bank, ebenso sind Pay Pal und Europ\u00e4ische Institute betroffen. (Bild: Depositphotos: Johan_Swanepoel)"},{"@type":"BreadcrumbList","@id":"https:\/\/www.m-q.ch\/de\/banking-trojaner-verwendet-falsches-zertifikat\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Unkategorisiert","item":"https:\/\/www.m-q.ch\/it\/categoria\/senza-categoria\/"},{"@type":"ListItem","position":2,"name":"Banking-Trojaner verwendet falsches Zertifikat"}]},{"@type":"WebSite","@id":"https:\/\/www.m-q.ch\/fr\/#website","url":"https:\/\/www.m-q.ch\/fr\/","name":"MQ Management and Quality","description":"Platform for integrated management systems.","publisher":{"@id":"https:\/\/www.m-q.ch\/fr\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.m-q.ch\/fr\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.m-q.ch\/fr\/#organization","name":"Galledia Trade Media AG","url":"https:\/\/www.m-q.ch\/fr\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.m-q.ch\/fr\/#\/schema\/logo\/image\/","url":"https:\/\/www.m-q.ch\/wp-content\/uploads\/2020\/12\/cropped-logo_small.png","contentUrl":"https:\/\/www.m-q.ch\/wp-content\/uploads\/2020\/12\/cropped-logo_small.png","width":512,"height":512,"caption":"Galledia Fachmedien AG"},"image":{"@id":"https:\/\/www.m-q.ch\/fr\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/ManagementUndQualitaet","https:\/\/www.linkedin.com\/showcase\/17982321\/admin\/"]},{"@type":"Person","@id":"https:\/\/www.m-q.ch\/fr\/#\/schema\/person\/c0139a2c55a374db6df2cde78ec87148","name":"galledia","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.m-q.ch\/fr\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/66edf527eac29e9a5eb25bcada01f61a?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/66edf527eac29e9a5eb25bcada01f61a?s=96&d=mm&r=g","caption":"galledia"},"url":"https:\/\/www.m-q.ch\/en\/author\/galledia\/"}]}},"_links":{"self":[{"href":"https:\/\/www.m-q.ch\/en\/wp-json\/wp\/v2\/posts\/640","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.m-q.ch\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.m-q.ch\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.m-q.ch\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.m-q.ch\/en\/wp-json\/wp\/v2\/comments?post=640"}],"version-history":[{"count":1,"href":"https:\/\/www.m-q.ch\/en\/wp-json\/wp\/v2\/posts\/640\/revisions"}],"predecessor-version":[{"id":641,"href":"https:\/\/www.m-q.ch\/en\/wp-json\/wp\/v2\/posts\/640\/revisions\/641"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.m-q.ch\/en\/wp-json\/wp\/v2\/media\/63"}],"wp:attachment":[{"href":"https:\/\/www.m-q.ch\/en\/wp-json\/wp\/v2\/media?parent=640"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.m-q.ch\/en\/wp-json\/wp\/v2\/categories?post=640"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.m-q.ch\/en\/wp-json\/wp\/v2\/tags?post=640"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}