The Ousaban banking trojan is targeting Windows users in Spain and Portugal through phishing PDFs designed to look like corrupted files. This malware can capture sensitive information during online banking sessions, posing a significant threat to users' accounts.
The Ousaban banking trojan has been identified by Fortinet's FortiGuard Labs as targeting Windows users who bank in Spain and Portugal. It operates by misleading users into opening a phishing PDF that appears to be a corrupted file.
The attack commences with a PDF file prompting users to click a button for updates. This action either redirects to a malicious webpage or executes hidden JavaScript to facilitate the download of the trojan.
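A defender-side triage sketch for the PDF stage described above, added here as an example and not taken from FortiGuard Labs' reporting. It counts the PDF action keys that fire on open or click and extracts link targets, including names obfuscated with `#XX` escapes and objects inside Flate-compressed streams. It assumes the lure uses standard PDF action keys; the function names, sample bytes and `example.invalid` URL are constructed.

```python
import re
import zlib

# Name keys that make a PDF act on open or on click (standard PDF action keys).
ACTIVE_KEYS = (b"/OpenAction", b"/AA", b"/JavaScript", b"/JS", b"/Launch", b"/URI")
STRING = re.compile(rb"\((?:\\.|[^\\()])*\)", re.S)   # literal string, no nesting
STREAM = re.compile(rb"stream\r?\n(.*?)endstream", re.S)
HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")

def _unescape(chunk):
    return HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), chunk)

def normalize(data):
    """Decode #XX escapes outside string literals: /J#61vaScript -> /JavaScript."""
    out, pos = [], 0
    for m in STRING.finditer(data):
        out += [_unescape(data[pos:m.start()]), m.group(0)]  # strings stay verbatim
        pos = m.end()
    out.append(_unescape(data[pos:]))
    return b"".join(out)

def inflate_streams(data):
    """Append every stream that inflates as zlib, so object streams are searched too."""
    parts = [data]
    for m in STREAM.finditer(data):
        try:
            parts.append(zlib.decompressobj().decompress(m.group(1)))
        except zlib.error:
            pass  # image data or another filter: leave it alone
    return b"\n".join(parts)

def triage_pdf(data):
    text = normalize(inflate_streams(data))
    hits = {k.decode(): len(re.findall(re.escape(k) + rb"(?![A-Za-z0-9])", text))
            for k in ACTIVE_KEYS}
    keys = {k: n for k, n in hits.items() if n}
    urls = [u.decode("latin-1") for u in re.findall(rb"/URI\s*\(((?:\\.|[^\\()])*)\)", text)]
    active = bool(keys.keys() - {"/URI"})  # script or auto-run keys, not plain links
    return {"keys": keys, "urls": urls, "active": active}

# Constructed sample (not taken from any real lure): a catalog with an open
# action, an obfuscated /JavaScript name, and a link hidden in a Flate stream.
SAMPLE = (
    b"%PDF-1.7\n1 0 obj << /Type /Catalog /OpenAction 3 0 R >> endobj\n"
    b"3 0 obj << /S /J#61vaScript /JS 5 0 R >> endobj\n"
    b"4 0 obj << /Type /ObjStm /Filter /FlateDecode >>\nstream\n"
    + zlib.compress(b"<< /Subtype /Link /A << /S /URI /URI (https://example.invalid/v#41) >> >>")
    + b"\nendstream endobj\n"
)
```

A URI action carries the name `/URI` twice (as the action type and as the key), so one link counts as two hits. Streams using filters other than Flate, and encrypted documents, are not inspected.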
The trojan hides its payload inside an image to deceive security measures, then delivers a ZIP file containing the malicious software.
Once installed, Ousaban monitors the user's online banking activity, capturing keystrokes, taking screenshots, and modifying clipboard contents. It targets over two dozen banks, including major institutions like Banco Santander and BBVA.
With the capability to interact during live banking sessions, Ousaban can effectively hijack accounts.
Ousaban employs various evasion techniques to establish its presence. Earlier versions checked the victim's location using IP address, language, and other criteria before triggering the payload.
In its latest variant, such checks occur on the command server, keeping the screening rules hidden and barring users located outside the Iberian region.
The command server for Ousaban is continuously changing to evade detection, making it difficult to track. Past versions of the malware have hidden configurations using services like Google Docs. Users are advised to remain vigilant against such phishing attempts and use strong security practices when banking online.
This summary was generated by AI from the outlets' reporting. It is not independently verified and may contain errors; check the original sources.