Ousaban Banking Trojan Targets Iberian Bank Users with Fake PDF Lures
Summary
The Ousaban banking trojan is actively targeting Windows users who bank in Spain and Portugal, as identified by Fortinet's FortiGuard Labs. The campaign begins with a phishing PDF lure disguised as a corrupted file, which then checks the user's geolocation before delivering its payload hidden within an image to steal banking credentials.
IFF Assessment
This article describes a new and active banking trojan campaign, representing a direct threat to users and financial institutions.
Defender Context
Defenders should prioritize user education on sophisticated phishing tactics, especially those involving disguised file types and social engineering. Implementing strong email and endpoint security solutions, coupled with network traffic monitoring for unusual C2 communications, is essential to detect and prevent Ousaban infections and credential theft. Organizations with users in the targeted regions (Spain and Portugal) should be particularly vigilant.