Infosecurity-Magazine
Ousaban Banking Trojan Targets Users in Spain and Portugal with Advanced Techniques
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
The Ousaban banking trojan has been identified targeting Windows users in Spain and Portugal since May 2026. This malware employs phishing PDFs disguised as corrupted files to lure victims into clicking an 'Atualizar' button, leading to a malicious webpage. The campaign uses geofencing to restrict access to users in the targeted countries, blocking those using VPNs or automated tools. Once the victim's environment is verified, the trojan delivers its payload hidden within an image file using steganography. Ousaban monitors over two dozen banks, including Santander and BBVA, capturing screenshots and keystrokes to steal credentials. The command and control infrastructure changes daily, making detection and blocking difficult. Fortinet has flagged the malware and its phishing emails, but the campaign remains active.
Key Points: • Ousaban targets banking users in Spain and Portugal using sophisticated evasion techniques. • The malware employs phishing PDFs and steganography to deliver its payload while avoiding detection. • It monitors multiple banking institutions and has a dynamic command and control infrastructure.