Ousaban Trojan Spreads via Fake PDFs in Iberian Banking Scam

A new banking trojan named Ousaban is targeting Windows users in Spain and Portugal, according to a recent discovery by Fortinet’s FortiGuard Labs. The campaign, detected in May 2026, begins with a phishing PDF disguised as a corrupted file, luring victims into downloading it. Once opened, the malware checks the user’s location to confirm they are in one of the Iberian countries before deploying its real payload—hidden inside an image file.
A Clever Disguise with Serious Consequences
The attack starts with a seemingly harmless PDF attachment, often posing as a corrupted document. When the victim opens it, the malware verifies their IP address to ensure they are in Spain or Portugal, filtering out irrelevant targets. The real trick lies in how Ousaban conceals its malicious code: it embeds the payload within an image file, making it harder for traditional antivirus tools to detect the threat. Once executed, the trojan aims to steal banking credentials, putting users’ financial data at risk.
Why Iberian Users Are in the Crosshairs
Cybercriminals often focus on regions with high banking activity, and the Iberian Peninsula is no exception. Spain and Portugal have seen a rise in digital banking, making them attractive targets for malware campaigns. Ousaban’s use of location verification suggests a targeted approach, ensuring attackers maximize their chances of success by focusing on specific geographies. While the trojan itself isn’t new, its refined delivery method shows how attackers adapt to bypass security measures.
Fortinet’s discovery highlights the ongoing cat-and-mouse game between cybercriminals and security researchers. Users should remain cautious of unsolicited PDFs, especially those claiming to be corrupted, and avoid downloading files from untrusted sources. Keeping software and antivirus tools up to date remains one of the best defenses against such sophisticated threats.
Source: The Hacker News. AI-assisted editorial synthesis — TechnoExpress.

