Beware 'Datzbro': New Android Trojan Exploits Elderly with Fake AI Travel Events
- John Jordan

- Sep 30
Updated: Oct 1
Cybersecurity experts have identified a new Android banking trojan, dubbed 'Datzbro,' that specifically targets elderly individuals. The malware employs sophisticated social engineering tactics, using AI-generated content on Facebook to promote fake travel events, ultimately aiming to steal personal information and conduct fraudulent financial transactions.

Key Takeaways
- A new Android banking trojan named 'Datzbro' has been discovered.
- It targets elderly individuals by luring them with fake AI-generated travel events on Facebook.
- The malware aims to perform device takeover and fraudulent transactions.
- Attackers are also exploring iOS targets.
The Deceptive Campaign
Researchers from ThreatFabric uncovered the Datzbro campaign in August 2025. Threat actors are creating Facebook groups that advertise "active senior trips" and similar social activities. These groups feature AI-generated content to make the events appear legitimate and appealing to seniors seeking engagement.
When individuals express interest, they are contacted via messaging apps like Facebook Messenger or WhatsApp. They are then prompted to download an APK file from a fraudulent link, often disguised as an application for registering for events or connecting with group members.
Spreading the Malware
Upon clicking the download link for the Android application, victims either directly install the Datzbro malware or a dropper designed to bypass security measures on newer Android versions. The attackers are also observed to be preparing for iOS targets, with placeholder links for TestFlight apps found on their fake websites.
Some of the applications found distributing Datzbro include:
- Senior Group
- Lively Years
- ActiveSenior
- DanceWave
- 作业帮 (Job Helper)
- 麻豆传媒 (Madou Media)
- 谷歌浏览器 (Google Chrome)
- MT管理器 (MT Manager)
- 大麦 (Damai)
Datzbro's Malicious Capabilities
Datzbro possesses a wide array of malicious functionalities common to banking trojans. These include:
- Audio recording and photo capture.
- Accessing device files and photos.
- Conducting financial fraud through remote control, overlay attacks, and keylogging.
- Leveraging Android's accessibility services for remote actions.
A standout feature is its schematic remote control mode, which allows attackers to replicate the victim's screen layout on their end for complete device commandeering. It can also deploy semi-transparent overlays to conceal its activities and steal device lock screen PINs and passwords for services like Alipay and WeChat. The malware actively scans for financial applications and credentials.
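A defender-side triage check for the pattern described above (a sideloaded APK that then relies on accessibility services), added here as an example and not taken from ThreatFabric's research or from the malware itself. It parses the output of `adb shell pm list packages -i` and `adb shell settings get secure enabled_accessibility_services`; the package names and the trusted-installer set are constructed assumptions.

```python
# Added example: flag apps that hold an enabled accessibility service but were
# not installed by a trusted store. All package names are constructed placeholders.

TRUSTED_INSTALLERS = {"com.android.vending"}  # assumption: Google Play only


def parse_installers(pm_output):
    """Map package -> installer from `pm list packages -i` output."""
    installers = {}
    for line in pm_output.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue
        pkg, _, rest = line[len("package:"):].partition("installer=")
        installer = (rest.split() or ["null"])[0]
        installers[pkg.strip()] = None if installer == "null" else installer
    return installers


def parse_accessibility(setting_value):
    """Packages named in the colon-separated enabled_accessibility_services value."""
    value = setting_value.strip()
    if value in ("", "null"):
        return set()
    return {comp.split("/", 1)[0] for comp in value.split(":") if comp}


def flag_sideloaded_accessibility(pm_output, setting_value):
    """Sorted packages with an enabled accessibility service and no trusted installer."""
    installers = parse_installers(pm_output)
    return sorted(
        pkg for pkg in parse_accessibility(setting_value)
        if installers.get(pkg) not in TRUSTED_INSTALLERS
    )


# Constructed sample output (placeholder package names, not real indicators).
SAMPLE_PM = """\
package:com.example.screenreader  installer=com.android.vending
package:com.example.tripsignup  installer=null
package:com.example.dropper  installer=com.example.tripsignup
"""
SAMPLE_A11Y = "com.example.screenreader/.ReaderService:com.example.tripsignup/com.example.tripsignup.CoreService"

if __name__ == "__main__":
    print(flag_sideloaded_accessibility(SAMPLE_PM, SAMPLE_A11Y))
```

Preinstalled system accessibility services also report no installer, so compare hits against `pm list packages -s` before treating them as suspicious.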
Origin and Distribution
Evidence suggests Datzbro originates from a Chinese-speaking threat group, indicated by debug strings in the malware's code and a Chinese-language desktop application used for its command-and-control (C2) backend. The C2 application has reportedly been leaked, potentially leading to its free distribution among cybercriminals.
Evolving Mobile Threats
The discovery of Datzbro underscores the increasing sophistication of mobile threats that exploit social engineering. By targeting vulnerable demographics like the elderly, attackers leverage trust and community-focused activities to distribute malware. This trend highlights the need for heightened awareness and robust security practices among all mobile users.