apk.retefe

Retefe


The Android app used by Retefe is an SMS stealer that forwards mTAN codes to the threat actor. In addition, a bank logo is added to the specific Android app to trick users into thinking it is a legitimate app. Moreover, if the victim is not a real victim, the download link does not serve the malicious APK but the real 'Signal Private Messenger' tool, so the victim's phone doesn't get infected.

References
2017-08-03 | GovCERT.ch | GovCERT.ch
The Retefe Saga
Retefe Dok Retefe
2017-02-24 | Some stuff about security.. Blog | Angel Alonso
Hunting Retefe with Splunk - some interesting points
Retefe
2015-11-03 | Angel Alonso-Parrizas
Reversing the SMS C&C protocol of Emmental (1st part - understanding the code)
Retefe
2015-10-28 | Angel Alonso-Parrizas
Reversing the C2C HTTP Emmental communication
Retefe
2014-09-23 | maldr0id blog | Łukasz Siewierski
Android malware based on SMS encryption and with KitKat support
Retefe
2014-07-07 | Victor Dorneanu
Disect Android APKs like a Pro - Static code analysis
Retefe

There is no Yara-Signature yet.