🟡 Medium | Source: The Hacker News
Ousaban, a Brazilian banking trojan, is targeting Windows users in Spain and Portugal via phishing emails containing fake corrupted PDF files. The campaign, discovered by Fortinet’s FortiGuard Labs in May 2026, uses geofencing to confirm the victim is in the target region and steganography to conceal its payload within an image file. The ultimate aim is credential theft from Iberian banking customers.
Security Architect’s Take: Ensure endpoint security controls block steganographic payload delivery and enforce email gateway policies that quarantine password-protected or visually ‘corrupted’ PDFs. For organisations with staff in Spain or Portugal, consider deploying browser isolation for online banking portals and validate that DNS/proxy controls can detect geofencing callbacks used by the dropper.
Original advisory: Ousaban Banking Trojan Targets Iberian Bank Users with Fake PDF Lures