Ousaban: Private photo collection hidden in a CABinet

Another in our occasional series demystifying Latin American banking trojans



Ousaban is a Latin American banking trojan active exclusively in Brazil. ESET has been tracking this malware family since 2018. In common with most other LATAM banking trojans, Ousaban uses overlay windows to steal credentials and more from financial institutions. However, unlike most other LATAM banking trojans, Ousaban’s developers have extended the use of overlay windows to steal credentials from popular regional email services. In this installment of our series, we examine its main features and many connections to other Latin American banking trojan families.


Characteristics


Ousaban is written in Delphi, as are the vast majority of the other Latin American banking trojans ESET is tracking. Like many of them, Ousaban shows signs of active and continuous development.


The name ESET assigned to this family is a portmanteau of two words – “ousadia”, which means “boldness” in Portuguese, and “banking trojan”. The name was chosen because, for a very long time, Ousaban was distributed alongside the images (some of them obscene) shown in Figure 1. In the most recent campaigns distributing Ousaban, this is no longer the case.



Figure 1. Various images distributed alongside the Ousaban banking trojan



Ousaban is also known as Javali, a name assigned by Kaspersky. A recent article about Ousaban can be found here. ESET has also been able to attribute Ousaban to the campaigns described in this blogpost from 2018. Even though some sources claim Ousaban is active in Europe, ESET has never observed any camp ..
