Cybersecurity researchers have flagged a previously undocumented Android banking trojan called Datzbro that can conduct device takeover (DTO) attacks and perform fraudulent transactions by preying on the elderly.
Dutch mobile security company ThreatFabric said it discovered the campaign in August 2025 after users in Australia reported scammers managing Facebook groups promoting “active senior trips.” Some of the other territories targeted by the threat actors include Singapore, Malaysia, Canada, South Africa, and the U.K.
The campaigns, it added, specifically focused on elderly people looking for social activities, trips, in-person meetings, and similar events. These Facebook groups have been found to share artificial intelligence (AI)-generated content, claiming to organize various activities for seniors.
Should prospective targets express willingness to participate in these events, they are subsequently approached via Facebook Messenger or WhatsApp, where they are asked to download an APK file from a fraudulent link (e.g., “download.seniorgroupapps[.]com”).
“The fake websites prompted visitors to install a so-called community application, claiming it would allow them to register for events, connect with members, and track scheduled activities,” ThreatFabric said in a report shared with The Hacker News.
Interestingly, the websites have also been found to contain placeholder links to download an iOS application, indicating that the attackers are looking to target both the mobile operating systems, distributing TestFlight apps for iOS and trick victims into downloading them.
Should the victim click on the button to download the Android application, it either leads to the direct deployment of the malware on their devices, or that of a dropper that’s built using an APK binding service dubbed Zombinder to bypass security restrictions on Android 13 and later.
Some of the Android apps that have been found distributing Datzbro are listed below –
- Senior Group (twzlibwr.rlrkvsdw.bcfwgozi)
- Lively Years (orgLivelyYears.browses646)
- ActiveSenior (com.forest481.security)
- DanceWave (inedpnok.kfxuvnie.mggfqzhl)
- 作业帮 (io.mobile.Itool)
- 麻豆传媒 (fsxhibqhbh.hlyzqkd.aois
- 麻豆传媒 (mobi.audio.aassistant)
- 谷歌浏览器 (tvmhnrvsp.zltixkpp.mdok)
- MT管理器 (varuhphk.vadneozj.tltldo)
- MT管理器 (spvojpr.bkkhxobj.twfwf)
- 大麦 (mnamrdrefa.edldylo.zish)
- MT管理器 (io.red.studio.tracker)
The malware, like other Android banking trojans, has a wide range of capabilities to record audio, capture photos, access files and photos, and conduct financial fraud through remote control, overlay attacks, and keylogging. It also relies on Android’s accessibility services to perform remote actions on the victim’s behalf.
A notable feature of Datzbro is the schematic remote control mode, which allows the malware to send information about all the elements displayed on the screen, their position, and content, so as to allow the operators to re-create the…
Source link
Disclaimer
We strive to uphold the highest ethical standards in all of our reporting and coverage. We blogs.grocliq.com want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.
Website Upgradation is going on for any glitch kindly connect at [email protected]
