ESET researchers have discovered a link between the Tesco Bank breach and the Retefe malware. The Retefe trojan horse goes after users’ online banking credentials, which can then be misused to conduct fraudulent transactions. The campaign began at least as far back as February 2016.
Following up on the story, Lee Munson, security researcher at Comparitech.com, said:
“While Tesco remains tight-lipped over how thousands of its banking customers were hacked recently, security vendor ESET has suggested the Retefe banking Trojan could be to blame.
“This sort of attack vector would hardly be surprising – credential-stealing Trojans are hardly anything new, and the fact that other banks may be on its target list is only logical.
“From the banks’ perspective, this is a hard attack to block so their focus should really be on their customers who should be advised to be on the lookout for the fake Comodo certificate, a task that is likely to be met with little success.
“Therefore, some basic tips about account security, using a software security solution and not opening suspicious emails or visiting dodgy sites should also be the order of the day.
“Affected browsers – which are most of the major ones – should consider blocking the Comodo certificate until this mess is cleared up.
“Meanwhile, customers can rest easy, safe in the knowledge that any losses they incur will be covered by their bank, unless they have been reckless with their own account security.”