apk.retefe

Retefe


The Android app used by Retefe is an SMS stealer that forwards mTAN codes to the threat actor. In addition, a bank logo is added to the specific Android app to trick users into thinking it is a legitimate app. Moreover, if the victim is not a real victim, the download link does not lead to the malicious APK but to the real 'Signal Private Messenger' tool, so the victim's phone doesn't get infected.

References
2017-08-03, GovCERT.ch (GovCERT.ch): The Retefe Saga. https://www.govcert.admin.ch/blog/33/the-retefe-saga
Retefe Dok Retefe

2017-02-24, Angel Alonso (Some stuff about security.. Blog): Hunting Retefe with Splunk - some interesting points. http://blog.angelalonso.es/2017/02/hunting-retefe-with-splunk-some24.html
Retefe

2015-11-03, Angel Alonso-Parrizas: Reversing the SMS C&C protocol of Emmental (1st part - understanding the code). http://blog.angelalonso.es/2015/11/reversing-sms-c-protocol-of-emmental.html
Retefe

2015-10-28, Angel Alonso-Parrizas: Reversing the C2C HTTP Emmental communication. http://blog.angelalonso.es/2015/10/reversing-c2c-http-emmental.html
Retefe

2014-09-23, Łukasz Siewierski (maldr0id blog): Android malware based on SMS encryption and with KitKat support. http://maldr0id.blogspot.ch/2014/09/android-malware-based-on-sms-encryption.html
Retefe

2014-07-07, Victor Dorneanu: Disect Android APKs like a Pro - Static code analysis. http://blog.dornea.nu/2014/07/07/disect-android-apks-like-a-pro-static-code-analysis/
Retefe

There is no Yara-Signature yet.