
ESET research into Latin American banking trojans continues: Bold Ousaban steals credentials with obscene images as a decoy

BRATISLAVA, PRAGUE – ESET Research continues its regular series demystifying Latin American banking trojans, this time with a deep dive into the Ousaban (aka Javali) malware. According to ESET telemetry, Ousaban is active only in Brazil, although some sources claim it is active in Europe as well. The malware is primarily focused on stealing credentials from financial institutions and, unusually for a Latin American banking trojan, from popular email services too. ESET named this malware family by combining two words – “ousadia”, which means “boldness” in Portuguese, and “banking trojan” – because Ousaban earned its notoriety for boldness by using sexually obscene images as part of its distribution vector.

ESET has been tracking this malware family, and observing signs of active and continuous development, since 2018. The backdoor capabilities of Ousaban are very similar to those of a typical Latin American banking trojan: simulating mouse and keyboard actions and logging keystrokes. Ousaban is also no exception to the typical behavior of Latin American banking trojans in attacking users of financial institutions via overlay windows crafted specifically for the targets. Unusually, however, Ousaban’s targets include several email services, for which it has overlay windows ready as well.

“Ousaban is delivered mainly through phishing emails using a distribution chain that is quite straightforward. The victim is misled into executing an MSI attached to the phishing email. When executed, the MSI launches an embedded JavaScript downloader that downloads a ZIP archive and extracts its contents, consisting chiefly of a legitimate application, an injector and the encrypted Ousaban. Using DLL side-loading, the banking trojan is ultimately decrypted and executed,” explains Jakub Souček, coordinator of the ESET team that investigated Ousaban.

From a technical perspective, Ousaban’s persistence mechanism is also worthy of note. “Ousaban either creates a LNK file or a simple VBS loader in the startup folder, or it modifies the Windows registry Run key,” reveals Souček. “Furthermore, Ousaban protects its executables with binary obfuscators and enlarges most EXE files to approximately 400 MB, likely to evade detection and automated processing.”
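The persistence and padding behaviour described above suggest a simple host triage check. The following is an added example, not ESET's code or tooling: it runs over constructed Startup-folder and Run-key entries (hypothetical paths, names and sizes) and flags LNK/VBS loaders in the Startup folder and Run-key targets whose size is consistent with the padding ESET describes.

```python
import re
from dataclasses import dataclass

BLOAT_THRESHOLD = 300 * 1024 * 1024     # Ousaban pads most EXEs to roughly 400 MB
LOADER_EXTENSIONS = (".lnk", ".vbs")    # the two Startup-folder loaders ESET describes
_EXE_RE = re.compile(r'^\s*(?:"([^"]+)"|(\S+))')

@dataclass
class Finding:
    location: str   # "startup" or "run"
    name: str
    reason: str

def command_target(command: str) -> str:
    """Executable path from a Run-key command line, quoted or bare, lower-cased."""
    m = _EXE_RE.match(command)
    return (m.group(1) or m.group(2)).lower() if m else ""

def triage_autostart(startup_files, run_values, file_sizes):
    """startup_files: names in the user's Startup folder; run_values: {value name:
    command line} from the Run key; file_sizes: {lower-cased path: bytes}.
    Returns Findings: LNK/VBS loaders in Startup (common legitimately, so review
    them) and Run entries whose target executable is padded past the threshold."""
    findings = []
    for name in startup_files:
        if name.lower().endswith(LOADER_EXTENSIONS):
            findings.append(Finding("startup", name, "LNK/VBS loader in Startup folder"))
    for value, command in run_values.items():
        target = command_target(command)
        size = file_sizes.get(target, 0)
        if size >= BLOAT_THRESHOLD:
            findings.append(Finding("run", value,
                            f"{target} is {size // 2**20} MB; check for padding"))
    return findings

# Constructed sample input (hypothetical paths and names, not real indicators)
STARTUP = ["desktop.ini", "update.vbs", "OneNote.lnk"]
RUN = {
    "SecurityHealth": r'"C:\Windows\System32\SecurityHealthSystray.exe"',
    "viewer": r'"C:\Users\Public\Libraries\viewer.exe" --hidden',
}
SIZES = {
    r"c:\windows\system32\securityhealthsystray.exe": 120_000,
    r"c:\users\public\libraries\viewer.exe": 410 * 1024 * 1024,
}

if __name__ == "__main__":
    for f in triage_autostart(STARTUP, RUN, SIZES):
        print(f.location, f.name, f.reason)
```

On a live host the three inputs would come from a directory listing of the Startup folder, the Run key values and the sizes of the files they point to.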

For more technical details about Ousaban, read the blog post Ousaban – Private photo collection hidden in a CABinet on WeLiveSecurity. Make sure to follow ESET Research on Twitter for the latest news from ESET Research.

[Figure: Simple Ousaban distribution chain]

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.

Version 2 Newsletter (May 2021 Issue)


WHAT’S NEW Pandora FMS 754

What’s new in Pandora FMS latest release, Pandora FMS 754

Let’s take a look together at the features and improvements included in this new Pandora FMS release: Pandora FMS 754.

NEW FEATURES AND IMPROVEMENTS

Metaconsole Dashboards

Dashboards can now be used within the Metaconsole, so that all the information can be managed centrally and more visually.

New AWS monitoring. Amazon S3

Monitoring of Amazon S3 buckets has been added, covering the files they contain, the size of each file, the number of objects in each bucket, permissions, etc.

New installers for Cloud

In previous versions, we prepared a remote script that installs Pandora FMS in any environment (virtual, cloud or physical) on any host with internet access. In this version, we have done the same for Pandora FMS agents, which can now be installed in a customized way with just one command.

Check out the documentation or try it yourself:

curl -Ls https://pfms.me/agent-deploy | bash

Improved event widget in Dashboard

It now allows you to incorporate saved filters, so that the widget will show events using those custom filters.


Visual enhancements to console settings

The Pandora FMS console setup page no longer shows all the options in a single column, so settings are easier and quicker to find.



About PandoraFMS
Pandora FMS is a flexible monitoring system, capable of monitoring devices, infrastructures, applications, services and business processes.
Of course, one of the things that Pandora FMS can monitor is the hard disks of your computers.

Scale Computing and Parallels RAS Collaborate to Deliver Improved End User VDI Experience for Post-Pandemic Workforces

INDIANAPOLIS, April 28, 2021 – Scale Computing, a market leader in edge computing, virtualization and hyperconverged solutions, today announced that Parallels® Remote Application Server (RAS) 18 is now available and optimized on Scale Computing HC3. When combined with Parallels RAS, Scale Computing HC3 enables administrators to rapidly provision and manage virtual machines (VM) along with RDSH sessions and applications centrally from the Parallels RAS Console to make Virtual Desktop Infrastructure (VDI) solutions faster, more affordable and easier to use.

Parallels RAS automatically generates and deploys VDI desktops on demand, enabling administrators to create and deploy guest VMs on the fly and create a master virtual desktop once and rapidly clone hundreds of virtual desktops on their HC3 Cluster. They can quickly and securely deliver Windows applications and desktops, and Parallels RAS integrates with Windows Virtual Desktop to provide unified workload and resource management. Parallels RAS provides a simple, consistent user experience on any device (including smartphones and laptops), from any location.

“Parallels Remote Application Server (RAS) makes VDI solutions quick to deploy, easy to manage and affordable—improving security, centralizing management and reducing IT workloads,” said Nick Dobrovolskiy, Senior Vice President of Engineering and Support at Parallels. “The combination of Parallels RAS 18 and Scale Computing HC3 autonomous infrastructure delivers increased options, customizations and resources to IT organizations for new levels of infrastructure flexibility and employee productivity.”

Scale Computing HC3 is a hyperconverged and edge IT infrastructure platform that combines servers, storage and virtualization capabilities into a single solution to make IT infrastructure easier for organizations of every size. The platform works exceptionally well in VDI environments across all verticals and organizations requiring simple, secure and low-maintenance IT infrastructure options.

“The ability for administrators to deploy, manage and grow their VDI environments easily is more important than ever in today’s work-from-anywhere environments,” said Craig Theriac, VP Product Management at Scale Computing. “The integration of Parallels RAS 18 with Scale Computing HC3 advances the ability to provision VDI VMs easier and faster than legacy VDI solutions at a cost-effective price point that meets our customers’ needs.”

Availability:

Parallels® Remote Application Server (RAS) 18 optimized on Scale Computing HC3 is now available in the Americas, Asia, and Oceania. For more information about Scale Computing and Parallels RAS, visit https://www.scalecomputing.com/parallels.


About Scale Computing 
Scale Computing is a leader in edge computing, virtualization, and hyperconverged solutions. Scale Computing HC3 software eliminates the need for traditional virtualization software, disaster recovery software, servers, and shared storage, replacing these with a fully integrated, highly available system for running applications. Using patented HyperCore™ technology, the HC3 self-healing platform automatically identifies, mitigates, and corrects infrastructure problems in real-time, enabling applications to achieve maximum uptime. When ease-of-use, high availability, and TCO matter, Scale Computing HC3 is the ideal infrastructure platform. Read what our customers have to say on Gartner Peer Insights, Spiceworks, TechValidate and TrustRadius.

About Parallels RAS
Parallels® Remote Application Server (RAS) is an all-in-one application delivery and virtual desktop infrastructure (VDI) solution that enables users to work remotely from anywhere, on any device, at any time. This cloud-ready software empowers organizations to centralize IT infrastructure management, integrate with Windows Virtual Desktop, streamline multi-cloud deployment, reinforce data security and improve IT process automation. Its flexible and scalable architecture enables organizations to quickly adapt to critical business demands.

Be prepared: How anti-ransomware can save you from potential financial loss

If you think that you’ll never be hit by a ransomware attack, think again. The Cyber Security Agency of Singapore (CSA) received 61 reports of ransomware attacks in 2020, almost twice what was reported the year before. One of the possible reasons for the spike is the rise in Work From Home (WFH) arrangements, where many Singaporeans may be working with poorly secured set-ups.

Unless proper safeguards are put in place, no one is immune to the risk of ransomware. To avoid exposure of your personal data and potential financial loss from a ransomware attack, prevention is your best digital security strategy. This guide will take you through the basics of ransomware, how it spreads, and how best to guard yourself against it.

What is ransomware?

There are two main types of ransomware, namely locker ransomware, which locks your device or computer, and crypto ransomware, which restricts access to personal data and files through encryption. The objective is the same: preventing access to your personal files.

After holding a victim’s personal files hostage, the attacker then demands a ransom from them to regain access to the data, with instructions on how to pay for the decryption key. The costs can range from a few hundred dollars to thousands, payable to cybercriminals often through untraceable cryptocurrency such as Bitcoin. This kind of malware can also have a built-in timer with a payment deadline, where the price to unlock the data increases with time.

How ransomware infections happen and spread through the web

One of the most common delivery systems for ransomware is spam email. It all begins with a seemingly well-intentioned email that contains malicious links or attachments. Once you click the link or download the attachment, a ransomware downloader is stored on the computer without your knowledge.

The downloader then fetches the ransomware payload and installs it on your system. Once a device is successfully compromised, the malware locks the screen or encrypts the data stored on the disk, and a ransom demand with payment details is displayed to the victim.

How to prevent ransomware

Ransomware is a constantly evolving global threat in the cybersecurity landscape and digital hubs like Singapore are particularly vulnerable. A report from CSA showed an emerging trend of more sophisticated and targeted ransomware attacks. Do not risk financial loss by becoming a victim of ransomware. Here are a few tips that will keep you protected:

  • Do not store important data in only one location. Create regular backups of it on another hard drive and in the cloud.
  • Always keep your software and OS updated. These updates usually contain patches for novel security vulnerabilities that could be exploited by malicious ransomware.
  • Adjust your browser’s security and privacy settings for increased protection. Remove outdated plugins from your browser and use an ad-blocker to prevent the threat of malicious ads.
  • Avoid opening spam or suspicious emails from senders that you do not know. Also, never open or download any unverified links or attachments.
  • Always turn to trusted and verified websites for credible download sources. Such websites have trust markers that help you determine their authenticity.

How anti-ransomware can help you avoid ransomware attacks

With ransomware becoming more prevalent in Singapore, the need for protection against it has never been greater. It is essential to employ a top antivirus that has a comprehensive in-built anti-ransomware security feature like ESET Internet Security or ESET NOD32 Antivirus.

An anti-ransomware feature works preventively, by monitoring the system for behaviour common to ransomware, such as mass file encryption. It strengthens system security by watching for unexpected behaviour, such as a newly installed program attempting to encrypt your files. ESET Advanced Memory Scanner lets you monitor the behaviour of malicious processes without any compromise in processing speed.
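The behavioural monitoring described above can be illustrated with an added example that is not ESET's product logic: a small scorer over a constructed file-event stream that reports a process rewriting many files with high-entropy (ciphertext-like) content or changing their extensions within a short window. Process ids, file names and the thresholds are assumptions.

```python
import hashlib
import math
from collections import defaultdict
from os.path import splitext

HIGH_ENTROPY = 7.5     # bits/byte; ciphertext sits near 8.0, documents near 4-5
BURST_FILES = 5        # distinct files touched suspiciously within the window
WINDOW_SECONDS = 10.0

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte of the given buffer."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def score_events(events):
    """events: (ts, pid, op, path, payload); payload is bytes for 'write' and the new
    path for 'rename'. A write is suspicious when its content looks encrypted, a rename
    when the extension changes. Returns {pid: paths} for processes that touched
    >= BURST_FILES distinct files suspiciously inside any WINDOW_SECONDS window."""
    hits = defaultdict(list)
    for ts, pid, op, path, payload in events:
        if op == "write" and shannon_entropy(payload) >= HIGH_ENTROPY:
            hits[pid].append((ts, path))
        elif op == "rename" and splitext(path)[1].lower() != splitext(payload)[1].lower():
            hits[pid].append((ts, path))
    flagged = {}
    for pid, items in hits.items():
        items.sort()
        for i, (t0, _) in enumerate(items):
            window = {p for t, p in items[i:] if t - t0 <= WINDOW_SECONDS}
            if len(window) >= BURST_FILES:
                flagged[pid] = window
                break
    return flagged

def pseudo_random(seed, size=4096):
    """Deterministic high-entropy bytes standing in for ciphertext (constructed)."""
    out = bytearray()
    for i in range(size // 32 + 1):
        out += hashlib.sha256(f"{seed}:{i}".encode()).digest()
    return bytes(out[:size])

TEXT = b"Quarterly report draft, section 3: revenue by region.\n" * 40
SAMPLE_EVENTS = []                  # constructed event stream from three processes
for i in range(6):                  # pid 100: an editor saving plaintext documents
    SAMPLE_EVENTS.append((i * 0.5, 100, "write", f"C:/Docs/report{i}.docx", TEXT))
for i in range(6):                  # pid 200: rewrites files with ciphertext, then renames them
    SAMPLE_EVENTS.append((i * 0.5, 200, "write", f"C:/Docs/photo{i}.jpg", pseudo_random(i)))
    SAMPLE_EVENTS.append((i * 0.5 + 0.1, 200, "rename", f"C:/Docs/photo{i}.jpg", f"C:/Docs/photo{i}.jpg.locked"))
SAMPLE_EVENTS.append((2.0, 300, "write", "C:/Docs/backup.zip", pseudo_random("zip")))  # one archive: benign
```

Calling score_events(SAMPLE_EVENTS) reports only pid 200; the editor's plaintext saves and the single compressed archive stay below the entropy or burst thresholds.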

Anti-phishing also blocks emails that contain links to malicious websites designed to steal your personal data. Robust content scanning and email filtering serve to prevent ransomware scams from reaching you and your family.


