A Brazilian banking trojan is targeting Santander and BBVA customers with fake PDF lures
Back to Home
tech

A Brazilian banking trojan is targeting Santander and BBVA customers with fake PDF lures

July 1, 202632 views2 min read

A Brazilian banking trojan named Ousaban is targeting Santander and BBVA customers in Spain and Portugal using fake PDFs, geofencing, and hidden image payloads to steal credentials.

A newly identified banking trojan named Ousaban is targeting customers of major Spanish and Portuguese banks, including Santander and BBVA, leveraging sophisticated social engineering tactics to evade detection and steal sensitive financial data. According to Fortinet’s FortiGuard Labs, the malware campaign was first observed in May and has since evolved to incorporate advanced techniques such as geofencing and hidden payloads within images.

Deceptive PDFs and Image-Based Payloads

The attack begins with a phishing email containing a fake PDF, often masquerading as a legitimate bank statement or invoice. These PDFs are designed to appear authentic and prompt users to open them, which triggers the initial infection. However, the trojan’s true payload is not embedded in the PDF itself. Instead, it is hidden within an image file that is embedded in the document. When the user opens the PDF, the trojan executes a script that extracts and runs the hidden payload from the image, bypassing traditional security measures.

Geofencing and Stealth Techniques

One of the more concerning aspects of the Ousaban trojan is its use of geofencing, a technique that restricts the malware’s activity to specific geographic regions. This ensures that the trojan only activates when the infected device is within a certain location, reducing the risk of detection by security researchers or automated systems. By limiting its activity to areas where the targeted banks operate, the trojan can remain dormant in other regions, making it harder to trace and analyze.

The trojan is designed to steal login credentials and financial information from users’ Windows systems. Once it gains access to a victim’s banking session, it can monitor and manipulate transactions, potentially leading to significant financial losses. FortiGuard Labs has issued a warning to users of affected banks, advising them to remain vigilant against suspicious emails and to avoid opening PDFs from unknown sources.

Conclusion

As cybercriminals continue to evolve their tactics, threats like Ousaban underscore the importance of robust cybersecurity practices. Banks and financial institutions must stay ahead of these emerging threats by enhancing user education, deploying advanced threat detection tools, and maintaining strong security protocols to protect their customers' sensitive data.

Source: TNW Neural

Related Articles