A Brazilian banking trojan known as Ousaban is actively targeting Windows users in Spain and Portugal, according to a report by Fortinet's FortiGuard Labs. This malware employs sophisticated techniques to evade detection and steal banking credentials, The Hacker News reports.

The Ousaban campaign begins with a phishing PDF disguised as a corrupted file, prompting users to click an "Update" button. This action leads to a malicious webpage that screens visitors based on IP address, language, and time zone, blocking those outside Spain or Portugal. The malware's payload is hidden within an image file using steganography, a technique that conceals data within other files. Once executed on a Windows system, Ousaban waits until users access targeted banking websites, then captures screenshots, logs keystrokes, and manipulates clipboard data.

It monitors over two dozen banks in the region, including major institutions like Banco Santander and BBVA. The trojan's command and control infrastructure is designed to be elusive, with server addresses that change daily. This campaign is part of a broader trend of Brazilian banking trojans, such as Grandoreiro and Guildma, that have evolved to target Iberian markets with advanced evasion tactics.

Source: The Hacker News




