Ousaban is a banking trojan developed primarily in Delphi. It is designed to exploit and damage computer systems, and it often infiltrates them via suspicious downloads, emails, or websites without the user's knowledge. Once inside, Ousaban can perform keylogging, capture screenshots, and phish for banking credentials using fake (cloned) banking portals. The malware is capable of causing significant disruption, stealing personal information, and even holding data hostage for ransom.
In February 2024, cybersecurity researchers issued warnings about an increase in email phishing campaigns that weaponized the Google Cloud Run service to deliver three banking trojans: Astaroth (also known as Guildma), Mekotio, and Ousaban (also referred to as Javali). These campaigns targeted victims across Latin America and Europe, exploiting the Google Cloud Run service to distribute massive volumes of these banking trojans.
Cisco Talos, a leading security research organization, observed that Ousaban was delivered at a later stage of the Astaroth infection chain. This indicated a potential collaboration between the operators of the two malware families or a single threat actor managing both. The misuse of Google Cloud Run to spread these trojans represents a significant escalation in cyber threats, highlighting the need for enhanced security measures and vigilance.
Description last updated: 2024-05-04T22:31:15.281Z