importantSYS.SOURCE: The Hacker News• 2026-07-01T20:56:55+05:30
Ousaban Banking Trojan Targets Iberian Financial Institutions via PDF Steganography and Geofencing
#Banking Trojan#Phishing#Steganography#Geofencing#Endpoint Security
A Brazilian banking trojan named Ousaban exploits Iberian bank users by using phishing PDFs disguised as corrupted files, combined with geofencing checks, to steal banking credentials. The malware employs steganography to hide its payload within images and uses dynamic, hidden command servers to evade detection.
A Brazilian banking trojan called Ousaban is going after Windows users who bank in Spain and Portugal. Fortinet's FortiGuard Labs identified the campaign in May 2026.
It opens with a phishing PDF disguised as a corrupted file, checks that the visitor is really in Spain or Portugal, and hides its real payload inside an image.
The goal is the usual one: steal banking logins and take
*** END OF TRANSMISSION ***