Ousaban Banking Trojan Targets Spain, Portugal with Fake PDFs
The Ousaban banking trojan, originating from Brazil, has been identified as targeting Windows users in Spain and Portugal. Fortinet's FortiGuard Labs detected this campaign in May 2026. The malware employs a sophisticated phishing tactic, presenting users with a PDF file that appears to be corrupted. This initial lure is designed to trick unsuspecting individuals into opening the malicious document.
Upon opening the deceptive PDF, Ousaban performs a crucial check to verify the geographical location of the visitor. It specifically targets users located in Spain or Portugal. If the user is confirmed to be within the intended regions, the trojan proceeds to conceal its actual malicious payload within an embedded image file. This multi-layered approach aims to evade detection by standard security measures.
The primary objective of the Ousaban trojan is to compromise the financial security of its victims. Once the payload is successfully delivered and executed, the malware seeks to steal sensitive banking login credentials. This information is then likely used for fraudulent activities, such as unauthorized access to bank accounts and financial theft. The campaign highlights the ongoing threat of banking trojans and the evolving methods used by cybercriminals to target financial institutions and their customers.
Original source — read the full reporting at the publisher:
Read on The Hacker News