www.infosecurity-magazine.com 7/1/2026, 2:10:43 PM · external

Ousaban Trojan Targets Spain, Portugal Banks with Fake Tax PDFs

Ousaban Trojan Targets Spain, Portugal Banks with Fake Tax PDFs
CyberSIXT Evidence Panel
Primary Source fortinet.com

A banking trojan called Ousaban, previously targeting Brazil, has been adapted to attack banking customers in Spain and Portugal since May 2026. The malware employs phishing tactics through disguised PDFs, steganography, and geofencing techniques to evade detection. Ousaban initiates its attacks via a phishing PDF that prompts victims to click a link leading to a malicious webpage resembling a government tax portal, which then screens users based on geographic data.

Once on the victim's device, it can monitor login attempts to numerous targeted banks and utilizes methods like keylogging and presenting fake bank screens to capture sensitive information. Ousaban's evasion strategy includes regularly rotating its command server domain and avoiding detection methods employed by researchers, emphasizing the need for comprehensive log analysis in cybersecurity.

View Primary Source Via www.infosecurity-magazine.com

Article by CyberSIXT