The Retefe malware executes a PowerShell script that modifies the browser proxy settings and installs a malicious root certificate falsely claimed to have been issued by the well-known certification authority Comodo. Some variants also install Tor and Proxifier and schedule them to launch automatically with the help of Task Scheduler.

It is clearly a case of a man-in-the-middle attack: when the victim tries to connect to an online banking web page that matches the configuration list in the Retefe file, the malware springs into action, modifies the banking web page to phish the user's credentials, and tricks the user into installing the mobile component of the malware. The worst part is that the mobile component bypasses two-factor authentication with the help of mTANs.

All the major browsers, including Internet Explorer, Google Chrome, and Mozilla Firefox, are affected. One can manually check for the presence of the malicious root certificate, which is falsely claimed to have been issued by COMODO Certification Authority and whose issuer's email is set to. If you are a Mozilla Firefox user, head over to Certificate Manager and check the field value.
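The manual check above covers Firefox's own certificate store. For the Windows stores and the proxy and scheduled-task changes the post describes, a read-only triage script can collect the same indicators on a Windows host. This is an added example, not code from the post or from any Retefe analysis; the matching heuristics (a root certificate whose subject mentions COMODO while its issuer carries an `E=` e-mail attribute, which genuine COMODO roots are assumed here not to have; Tor or Proxifier named in a scheduled task; WinINET proxy values set) and the output field names are assumptions of my own, and a hit is a prompt for manual review, not proof of infection.

```powershell
# Added example: read-only triage for the Retefe indicators described in the post.
# Nothing here modifies the host; it only reports what it finds.

$findings = @()

# 1. Root certificate stores (user and machine). Flag certificates that claim to be
#    a COMODO CA but have an e-mail attribute (E=) in the Issuer field. Assumption:
#    legitimate COMODO roots carry no E= attribute, so such an entry deserves a look.
#    Compare any hit's thumbprint against the CA's published fingerprints before
#    deciding anything; this script deliberately does not remove certificates.
foreach ($store in 'Cert:\CurrentUser\Root', 'Cert:\LocalMachine\Root') {
    Get-ChildItem -Path $store -ErrorAction SilentlyContinue |
        Where-Object { $_.Subject -match 'COMODO' -and $_.Issuer -match '(^|,\s*)E=' } |
        ForEach-Object {
            $findings += [pscustomobject]@{
                Check      = 'RootCert'
                Location   = $store
                Detail     = "Subject=$($_.Subject) | Issuer=$($_.Issuer)"
                Thumbprint = $_.Thumbprint
                NotBefore  = $_.NotBefore
            }
        }
}

# 2. WinINET proxy settings (used by Internet Explorer and Chrome). Retefe's
#    PowerShell stage rewrites these; a manual proxy or an AutoConfigURL (PAC) on a
#    host that should not have one is worth explaining.
$inetKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$inet = Get-ItemProperty -Path $inetKey -ErrorAction SilentlyContinue
if ($inet -and ($inet.ProxyEnable -eq 1 -or $inet.AutoConfigURL)) {
    $findings += [pscustomobject]@{
        Check      = 'Proxy'
        Location   = $inetKey
        Detail     = "ProxyEnable=$($inet.ProxyEnable) ProxyServer=$($inet.ProxyServer) AutoConfigURL=$($inet.AutoConfigURL)"
        Thumbprint = ''
        NotBefore  = $null
    }
}

# 3. Scheduled tasks whose action launches Tor or Proxifier, the persistence the
#    post says some variants set up through Task Scheduler.
Get-ScheduledTask -ErrorAction SilentlyContinue |
    Where-Object {
        $exes = $_.Actions | ForEach-Object { $_.Execute }
        ($exes -match 'tor\.exe|proxifier').Count -gt 0
    } |
    ForEach-Object {
        $findings += [pscustomobject]@{
            Check      = 'ScheduledTask'
            Location   = "$($_.TaskPath)$($_.TaskName)"
            Detail     = ($_.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)" }) -join '; '
            Thumbprint = ''
            NotBefore  = $null
        }
    }

if ($findings.Count -eq 0) {
    Write-Output 'No Retefe-style indicators found in root stores, proxy settings or scheduled tasks.'
} else {
    $findings | Format-Table -AutoSize -Wrap
}
```

Run it in a normal PowerShell session to see the per-user store and proxy values; run it elevated to read the machine root store and every user's scheduled tasks. Firefox keeps its own NSS certificate database (cert8.db or cert9.db in the profile directory), which this script does not read, so the Certificate Manager check the post describes remains a separate, manual step.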