Ousaban

Malware updated 5 months ago (2024-05-04T23:18:22.068Z)
Ousaban is a banking trojan developed primarily in Delphi. It is designed to exploit and damage computer systems, and often infiltrates them via suspicious downloads, emails, or websites without the user's knowledge. Once inside, Ousaban can perform keylogging, capture screenshots, and phish for banking credentials using fake (cloned) banking portals. The malware is capable of causing significant disruption, stealing personal information, and even holding data hostage for ransom.

In February 2024, cybersecurity researchers issued warnings about an increase in email phishing campaigns that weaponized the Google Cloud Run service to deliver various banking trojans. These campaigns targeted victims across Latin America and Europe, exploiting Google Cloud Run to distribute massive volumes of the trojans. Ousaban (also referred to as Javali) was one of three banking trojans used in these campaigns, alongside Astaroth (also known as Guildma) and Mekotio.

Cisco Talos, a leading security research organization, observed that Ousaban was delivered at a later stage of the Astaroth infection chain. This indicated a potential collaboration between the operators of the two malware families, or a single threat actor managing both. The misuse of Google Cloud Run to spread these trojans represents a significant escalation in cyber threats, highlighting the need for enhanced security measures and vigilance.
Description last updated: 2024-05-04T22:31:15.281Z
Aliases
We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Google
Cisco
Associated Malware
Alias: Astaroth
Description: The Astaroth Malware is associated with Ousaban. Astaroth, a notorious information-stealing banking trojan, has continued to evolve and remains a significant threat. Known for its sophisticated evasive skills, Astaroth is typically spread through spear phishing emails, such as the one identified by a threat hunter on Twitter. Once it infects a sys
Association Type: Unspecified
Votes: 2