The Retefe banking trojan resurfaced in April, with a makeover that includes a move away from Tor to secure its communications. The malware has new tricks, like using the stunnel encrypted tunneling mechanism and abusing a legitimate shareware app. The latest campaigns are using developer-signed versions of fake Adobe Installers in order to deliver their payloads, researchers said. Like Emotet, the malware shows ongoing innovation on the malware development front it comes to banking trojans.
Source: https://threatpost.com/retefe-banking-trojan-tor/144336/