[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f_Dir5Clsy_1pvlO4sVT14V_l5MtfJISn4b5Hvq3ye0I":3},{"lesson":4},{"id":5,"slug":6,"article_id":7,"title":8,"body":9,"prevention":10,"framework_refs":11,"status":24,"created_at":25,"published_at":26,"article":27,"tags":31,"podcasts":50},"c39cd84b-da14-421f-b316-cf91fa099dee","ousaban-banking-trojan-uses-phishing-pdfs-to-steal-iberian-banking-credentials","6c82c6a9-a6e4-458e-a5a8-dd11d36a2905","Ousaban Banking Trojan Uses Phishing PDFs to Steal Iberian Banking Credentials","The Ousaban campaign exploits a fundamental gap in end-user security awareness: users are tricked into clicking fake 'Update' buttons embedded in phishing PDFs disguised as corrupted files, initiating a malware infection chain. Once installed, the trojan silently monitors banking sessions and harvests credentials, enabling full account takeover. The malware's use of steganography, geo-blocking, and daily-rotating command-and-control addresses makes it exceptionally difficult for traditional detection tools to flag. This attack matters because it demonstrates how sophisticated social engineering, combined with advanced evasion techniques, can bypass both technical controls and untrained users. 
Financial institutions and their customers in targeted regions face significant fraud and data breach risk without layered defenses.","**Immediate actions:**\n- Train all employees and customers to never click 'Update' buttons or links embedded within PDF documents received via email.\n- Deploy email gateway filtering with attachment sandboxing to detonate and inspect PDF files before delivery to end users.\n- Block execution of files downloaded from PDFs using application whitelisting or endpoint protection policies.\n\n**Long-term improvements:**\n- Implement multi-factor authentication (MFA) on all banking and financial portals to limit the impact of stolen credentials.\n- Establish a threat intelligence program that subscribes to feeds tracking banking trojans and their evolving C2 infrastructure patterns.\n- Conduct regular phishing simulation exercises targeting staff and measure click rates to identify and remediate high-risk user groups.\n\n**Detection measures:**\n- Deploy DNS-layer security and network monitoring to detect connections to newly registered or rapidly rotating C2 domains.\n- Enable behavioral endpoint detection (EDR) rules to flag steganographic file parsing and anomalous credential-harvesting activity.\n- Monitor banking application logs for unusual session patterns, rapid geographic shifts, or concurrent logins that may indicate account takeover.",[12,13,14,15,16,17,18,19,20,21,22,23],"CIS Control 9 – Email and Web Browser Protections","CIS Control 14 – Security Awareness and Skills Training","CIS Control 13 – Network Monitoring and Defense","NIST SP 800-61 – Incident Response","NIST SP 800-53 SI-3 – Malicious Code Protection","NIST SP 800-53 AT-2 – Security Awareness Training","NIST SP 800-53 IA-5 – Authenticator Management (MFA)","NIST Cybersecurity Framework DE.CM-1 – Network Monitoring","GDPR Article 32 – Security of Processing (for banks handling EU customer data)","MITRE ATT&CK T1566.001 – Phishing: Spearphishing Attachment","MITRE 
ATT&CK T1027 – Obfuscated Files or Information (Steganography)","MITRE ATT&CK T1056.001 – Input Capture: Keylogging (Credential Access)","published","2026-07-01T16:20:22.561077+00:00","2026-07-01T16:20:22.247+00:00",{"id":7,"url":28,"slug":29,"title":30},"https:\u002F\u002Fthehackernews.com\u002F2026\u002F07\u002Fousaban-banking-trojan-targets-iberian.html","ousaban-banking-trojan-targets-iberian-bank-users-with-fake-pdf-lures-ccbf86","Ousaban Banking Trojan Targets Iberian Bank Users with Fake PDF Lures",[32,38,44],{"id":33,"name":34,"slug":35,"description":36,"color":37},"1732a005-556e-411c-a9db-5edec3058571","Logging & Monitoring","logging-monitoring","Missing logs, no alerting, blind spots","#a855f7",{"id":39,"name":40,"slug":41,"description":42,"color":43},"182e11d5-57c4-444e-8ec8-4682ad60261b","Incident Response","incident-response","Slow detection, poor containment, missing playbooks","#14b8a6",{"id":45,"name":46,"slug":47,"description":48,"color":49},"7261eb8f-acd4-4d93-a489-7fdd652ec0ea","Security Awareness","security-awareness","Phishing, social engineering, human error","#22c55e",[]]