Retefe is a banking Trojan that has been identified targeting organisations within the UK. The malware has been around for some time; however, it has never been as prominent as the likes of Dridex.
Retefe is typically distributed by malicious spam emails. The emails carry a malicious Word document containing an Object Linking and Embedding (OLE) object, which is used to download an executable payload from a remote server. Retefe has since been updated by its operators to include the EternalBlue exploit, which targets a vulnerability in the SMBv1 protocol and lets the malware spread to other Windows hosts over SMB once it is inside a network.
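The delivery stage described above relies on an OLE object embedded in a Word document. The following script, added here as an example and not code from the original advisory or from any Retefe analysis, inspects an OOXML Word file (.docx/.docm are ZIP containers) for the three places an embedded object shows up: binaries under word/embeddings/, oleObject relationship entries in the .rels parts, and <o:OLEObject> elements (with their ProgID, where "Package" denotes an embedded file rather than, say, an Excel sheet) in word/document.xml. The sample documents built by make_sample_docx() are constructed for the demonstration; they are not real lures.

```python
"""Flag Word documents that carry embedded OLE objects (added example)."""
import io
import re
import zipfile

# Relationship type Word writes for an embedded OLE object (OOXML standard).
OLE_REL_TYPE = ("http://schemas.openxmlformats.org/officeDocument/2006/"
                "relationships/oleObject")
# Embedded object binaries live under word/embeddings/ (oleObject1.bin, ...).
EMBEDDING_RE = re.compile(r"^word/embeddings/", re.IGNORECASE)
# <o:OLEObject ... ProgID="Package" .../> in document.xml; the ProgID tells
# you what kind of object it is ("Package" = an arbitrary embedded file).
OLE_ELEMENT_RE = re.compile(r'<o:OLEObject\b[^>]*?\bProgID="([^"]*)"', re.IGNORECASE)
# Magic of the legacy binary .doc container (OLE2 compound file), not a ZIP.
OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"


def scan_document(data):
    """Return a dict describing OLE indicators found in the document bytes."""
    result = {"format": None, "indicators": [], "progids": [], "suspicious": False}
    if data.startswith(OLE2_MAGIC):
        # Legacy .doc: embedded objects sit inside OLE2 storages, which this
        # script does not parse; hand these to a compound-file parser instead.
        result["format"] = "ole2"
        return result
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        result["format"] = "unknown"
        return result
    result["format"] = "ooxml"
    with zf:
        for name in zf.namelist():
            if EMBEDDING_RE.match(name):
                result["indicators"].append(("embedded_part", name))
            if name.endswith(".rels") and OLE_REL_TYPE in zf.read(name).decode("utf-8", "replace"):
                result["indicators"].append(("ole_relationship", name))
            if name == "word/document.xml":
                xml = zf.read(name).decode("utf-8", "replace")
                for progid in OLE_ELEMENT_RE.findall(xml):
                    result["indicators"].append(("ole_element", progid))
                    result["progids"].append(progid)
    result["suspicious"] = bool(result["indicators"])
    return result


def make_sample_docx(with_ole):
    """Build a minimal (constructed) .docx in memory, with or without an OLE object."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        if with_ole:
            doc = ('<w:document><w:body><w:p><w:r><w:object>'
                   '<o:OLEObject Type="Embed" ProgID="Package" DrawAspect="Icon" r:id="rId5"/>'
                   '</w:object></w:r></w:p></w:body></w:document>')
            rels = ('<Relationships><Relationship Id="rId5" Type="' + OLE_REL_TYPE +
                    '" Target="embeddings/oleObject1.bin"/></Relationships>')
            zf.writestr("word/_rels/document.xml.rels", rels)
            # Placeholder bytes standing in for the embedded object binary.
            zf.writestr("word/embeddings/oleObject1.bin", OLE2_MAGIC + b"\x00" * 16)
        else:
            doc = '<w:document><w:body><w:p><w:r><w:t>hello</w:t></w:r></w:p></w:body></w:document>'
            zf.writestr("word/_rels/document.xml.rels", "<Relationships/>")
        zf.writestr("word/document.xml", doc)
    return buf.getvalue()


if __name__ == "__main__":
    for label, blob in (("lure", make_sample_docx(True)), ("clean", make_sample_docx(False))):
        print(label, scan_document(blob))
```

Run it against a real file with `scan_document(open(path, "rb").read())`. An embedded object is not malicious by itself, so treat a hit as a reason to inspect the embedded binary (and the ProgID) rather than as a verdict, and note that the script deliberately reports legacy binary .doc files without parsing them.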
Microsoft Windows – All Versions.
- Make sure that Server Message Block (SMB) is not internet facing: TCP ports 445 and 139 should not be reachable from the internet.
- Consider disabling SMB where it is not required. Where SMB is needed, apply Microsoft's security update for the SMBv1 vulnerability that EternalBlue exploits (MS17-010), disable SMBv1 where possible, and ensure shares require authentication rather than allowing guest or anonymous access.
- Make sure anti-malware definitions are kept up to date.
- Monitor network and proxy logs for suspicious activity, such as executable downloads that follow the opening of an emailed document, or SMB connections from unexpected or external hosts.
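The last two points above ask operators to watch logs for the two stages this malware uses: an executable pulled down from the web by the OLE object, and SMB reachable from where it should not be. The script below is an added example, not code from the original advisory, that sweeps both kinds of log. The log formats are assumptions: proxy lines are taken to follow the Squid native access.log layout, and firewall lines a constructed "timestamp action proto src dst dport" layout, so adjust the two parsers to your own sources. All sample lines are constructed for the demonstration.

```python
"""Sweep proxy and firewall logs for executable downloads and external SMB (added example)."""
import ipaddress
import re
from urllib.parse import urlsplit

# MIME types proxies commonly report for Windows executables.
EXEC_TYPES = {"application/x-msdownload", "application/x-dosexec",
              "application/vnd.microsoft.portable-executable"}
EXEC_EXTS = (".exe", ".scr", ".dll", ".pif", ".cpl")
# RFC 1918 plus loopback, checked explicitly: ipaddress.is_global treats the
# documentation ranges used in the sample data as non-global, which would
# hide them.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
IP_LITERAL_RE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")


def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def parse_squid_line(line):
    """Squid native format: ts elapsed client code/status bytes method url user peer type."""
    parts = line.split()
    if len(parts) < 10:
        return None
    return {"ts": float(parts[0]), "client": parts[2], "status": parts[3],
            "method": parts[5], "url": parts[6], "ctype": parts[9]}


def flag_executable_downloads(lines):
    """Return successful fetches of executables, with the reasons each was flagged."""
    findings = []
    for line in lines:
        rec = parse_squid_line(line)
        if rec is None or not rec["status"].endswith("/200"):
            continue  # failed fetches did not deliver a payload
        url = urlsplit(rec["url"])
        path = url.path.lower()
        by_type = rec["ctype"].lower() in EXEC_TYPES
        by_ext = path.endswith(EXEC_EXTS)
        if not (by_type or by_ext):
            continue
        reasons = []
        if by_type:
            reasons.append("content-type " + rec["ctype"])
        if by_ext:
            reasons.append("extension " + path.rsplit(".", 1)[-1])
        if IP_LITERAL_RE.match(url.hostname or ""):
            reasons.append("bare-IP host")  # payload servers are often addressed by IP, not a name
        findings.append({"client": rec["client"], "url": rec["url"], "reasons": reasons})
    return findings


def flag_external_smb(lines):
    """Return allowed SMB connections (445/139) whose source is not an internal address."""
    findings = []
    for line in lines:
        parts = line.split()
        if len(parts) != 6:
            continue
        ts, action, proto, src, dst, dport = parts
        if action != "ALLOW" or proto != "TCP" or dport not in ("445", "139"):
            continue
        if not is_internal(src):
            findings.append({"ts": ts, "src": src, "dst": dst, "port": dport})
    return findings


# Constructed sample data for the demonstration.
PROXY_LOG = """\
1497960000.123    215 10.1.2.3 TCP_MISS/200 412800 GET http://203.0.113.10/update/vqrt.exe - HIER_DIRECT/203.0.113.10 application/x-msdownload
1497960005.456     40 10.1.2.3 TCP_HIT/200 5120 GET http://www.example.com/index.html - HIER_DIRECT/93.184.216.34 text/html
1497960009.001    190 10.1.2.9 TCP_MISS/200 911360 GET http://downloads.example.org/tools/putty.exe - HIER_DIRECT/93.184.216.34 application/octet-stream
1497960012.777     12 10.1.2.3 TCP_MISS/404 300 GET http://203.0.113.10/update/other.exe - HIER_DIRECT/203.0.113.10 text/html
""".splitlines()

FIREWALL_LOG = """\
2017-06-20T12:00:00Z ALLOW TCP 198.51.100.7 10.1.2.20 445
2017-06-20T12:00:01Z ALLOW TCP 10.1.2.3 10.1.2.20 445
2017-06-20T12:00:02Z DROP TCP 198.51.100.8 10.1.2.20 445
2017-06-20T12:00:03Z ALLOW TCP 198.51.100.9 10.1.2.20 443
""".splitlines()

if __name__ == "__main__":
    for f in flag_executable_downloads(PROXY_LOG):
        print("EXE DOWNLOAD", f)
    for f in flag_external_smb(FIREWALL_LOG):
        print("EXTERNAL SMB", f)
```

The executable check deliberately reports every successful fetch of a Windows binary rather than only those from bare-IP hosts, because an allowed download from a named server (the putty.exe line) still deserves a look when it coincides with an emailed document being opened; rank findings by the number of reasons attached. The SMB check is a log-side confirmation of the first mitigation above: any ALLOW for port 445 or 139 from a non-internal source means SMB is internet facing.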