We're gradually updating threat actor names in our reports to align with the new weather-themed taxonomy. Learn about Microsoft threat actor names
Trojan:Win64/Retliften
Aliases: No associated aliases
Summary
This is a detection of a malicious driver that can intercept network traffic, add new root certificates, set a new proxy server, and modify internet settings without user consent.
For information about Retliften and other human-operated malware campaigns, read these blog posts:
Microsoft Defender Antivirus automatically removes threats as they are detected. However, many infections can leave remnant files and system changes. Updating your antimalware definitions and running a full scan might help address these remnant artifacts.
You can also visit our advanced troubleshooting page or search the Microsoft virus and malware community for more help.
