Another in our occasional series demystifying Latin American banking trojans
Ousaban is a Latin American banking trojan active
exclusively in Brazil. ESET has been tracking this malware family since 2018.
In common with most other LATAM banking trojans, Ousaban uses overlay windows
to steal credentials and more from financial institutions. However, unlike most
other LATAM banking trojans, Ousaban’s developers have extended the use of
overlay windows to steal credentials from popular regional email services. In
this installment of our series, we examine its main features and many
connections to other Latin American banking trojan families.
Characteristics
Ousaban is written in Delphi, as are the vast
majority of the other Latin American banking trojans ESET is tracking. And, as
do many of them, Ousaban shows signs of active and continuous development.
The name ESET assigned to this family is a
portmanteau of two words – “ousadia”, which means “boldness” in
Portuguese, and “banking trojan”. The reason for such a name is that for
a very long time, Ousaban was distributed alongside the images (some of them
obscene) shown in Figure 1. In the most recent campaigns distributing
Ousaban, this is no longer the case.