zeroday.news · 7d ago·high
Analysis of Ongoing Ousaban Attacks Targeting the Iberian Peninsula
Cybersecurity researchers have identified a new campaign by the banking Trojan Ousaban, primarily targeting users in Spain and Portugal. The malware, previously active in Brazil, is distributed via a sophisticated phishing PDF that leads victims to a malicious webpage. This page employs environmental and geo-fencing checks to ensure only intended targets download the payload, which includes a VBS script and the Ousaban executable. The Trojan then establishes persistence, decrypts banking-related strings using a custom algorithm, and communicates with command-and-control servers through dynamically generated hostnames.