Infosecurity-Magazine
Ousaban Banking Trojan Targets Users in Spain and Portugal
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
The Ousaban banking Trojan, previously active in Brazil, has been repurposed to target banking customers in Spain and Portugal since May 2026. The attack begins with a phishing PDF that prompts users to click an Update button, leading to a malicious webpage that performs geofencing checks. Only users appearing to be from Spain or Portugal can proceed with the attack, which employs techniques like steganography to hide the malware payload. The malware is designed to capture sensitive banking information through methods such as keylogging and clipboard injection. Ousaban's command server uses a dynamic domain that changes daily, complicating detection efforts. The campaign remains active, with a focus on credential theft aimed at bank fraud. Fortinet's FortiGuard Labs has provided detailed insights into the attack methodology and its implications for users in the targeted regions.
Key Points: • Ousaban targets banking customers in Spain and Portugal using phishing techniques. • The malware employs geofencing to evade detection and restrict access to intended victims. • Current attacks utilize steganography and dynamic domains for command and control.