A Brazilian banking trojan is targeting Santander and BBVA customers with fake PDF lures
TL;DR
Fortinet found Ousaban targeting Spanish and Portuguese bank users with geofenced PDFs that hide malware inside images and rotate servers daily.
A Brazilian banking trojan called Ousaban is going after Windows users who bank in Spain and Portugal, using fake PDFs, geofencing, and a payload hidden inside an image to steal credentials without triggering security tools. Fortinet’s FortiGuard Labs identified the campaign in May and published its analysis this week.
The attack starts with a phishing PDF disguised as a corrupted file. The document tells the victim to press an “Atualizar” (Update) button, which opens a malicious webpage posing as a tax-document portal. Hidden JavaScript inside the PDF can open the same page automatically, so the victim does not even need to click.
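For triage of a suspect attachment, the difference between the click-only button and the automatic open shows up in the PDF's own structure. The sketch below is an added example, not code from Fortinet's analysis: the name list comes from the PDF format itself (an assumption about what this lure uses), and both byte strings are constructed fragments.

```python
import re
import zlib

# PDF names that mark automatic triggers, script, or outbound link actions.
SUSPICIOUS = ("OpenAction", "AA", "JavaScript", "JS", "URI", "Launch")

def decode_name(raw: bytes) -> str:
    """Undo #xx hex escapes in a PDF name (J#61vaScript -> JavaScript)."""
    plain = re.sub(rb"#([0-9A-Fa-f]{2})",
                   lambda m: bytes([int(m.group(1), 16)]), raw)
    return plain.decode("latin-1")

def inflate_streams(data: bytes):
    """Yield the contents of every stream that zlib can inflate."""
    for m in re.finditer(rb"stream\r?\n(.*?)\r?\nendstream", data, re.S):
        try:
            # decompressobj tolerates a trimmed or padded stream tail
            yield zlib.decompressobj().decompress(m.group(1))
        except zlib.error:
            continue  # not Flate data; the raw bytes are scanned anyway

def triage_pdf(data: bytes) -> dict:
    """Count suspicious names in the raw file and in inflated streams."""
    counts = dict.fromkeys(SUSPICIOUS, 0)
    for blob in [data, *inflate_streams(data)]:
        for m in re.finditer(rb"/((?:[A-Za-z0-9]|#[0-9A-Fa-f]{2})+)", blob):
            name = decode_name(m.group(1))
            if name in counts:
                counts[name] += 1
    return counts

def acts_without_click(counts: dict) -> bool:
    """True when an automatic trigger is paired with script or a URI action."""
    trigger = counts["OpenAction"] or counts["AA"]
    action = counts["JavaScript"] or counts["JS"] or counts["URI"]
    return bool(trigger and action)

# Constructed fragments (not samples from the campaign, not complete PDFs).
HIDDEN = zlib.compress(b"<< /Type /Catalog /OpenAction "
                       b"<< /S /J#61vaScript /JS (constructed placeholder) >> >>")
SAMPLE_AUTO = (b"%PDF-1.7\n1 0 obj\n<< /Type /ObjStm /Filter /FlateDecode >>\n"
               b"stream\n" + HIDDEN + b"\nendstream\nendobj\n%%EOF\n")
SAMPLE_BUTTON = (b"%PDF-1.7\n1 0 obj\n<< /Type /Annot /Subtype /Link "
                 b"/A << /S /URI /URI (https://portal.example/) >> >>\nendobj\n%%EOF\n")

if __name__ == "__main__":
    for label, pdf in (("auto", SAMPLE_AUTO), ("button", SAMPLE_BUTTON)):
        counts = triage_pdf(pdf)
        print(label, counts, acts_without_click(counts))
```

A keyword count like this is a first-pass filter only: streams using filters other than Flate, and encrypted documents, need a full PDF parser.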
Before delivering the payload, the campaign screens every visitor. An earlier version checked the browser for IP address, language, time zone, screen size, and...
Copyright of this story solely belongs to thenextweb.com.