The Threat of Datzbro: A New Android Banking Trojan Targeting the Elderly
Cybersecurity researchers have recently uncovered a previously unknown Android banking trojan named Datzbro, which poses a significant risk to vulnerable users, particularly the elderly. This malicious software can carry out device takeover attacks and execute fraudulent transactions, putting unsuspecting individuals at risk of financial harm.
Discovery and Targeted Campaign
Datzbro was first identified by Dutch mobile security company ThreatFabric in August 2025. The trojan was discovered following reports from users in Australia who fell victim to scammers operating Facebook groups that promoted “active senior trips.” The cybercriminals behind the campaign targeted elderly individuals seeking social activities, trips, and community events, using deceptive tactics to lure them into downloading malicious applications.
The threat actors behind Datzbro have also targeted users in countries such as Singapore, Malaysia, Canada, South Africa, and the U.K., expanding the reach of their fraudulent activities.
Social Engineering Tactics
The attackers leveraged social engineering techniques to entice potential victims into downloading the malware. By creating fake Facebook groups offering events and activities for seniors, the scammers engaged with users who showed interest in participating. Subsequently, the victims were directed to download APK files from fraudulent links, under the guise of accessing community applications for event registration and social connection.
Upon installation of the malicious applications, Datzbro can infiltrate the victim’s device, enabling the attackers to carry out a range of harmful activities, including recording audio, capturing photos, accessing files, and executing financial fraud through remote control and keylogging.
Technical Capabilities and Impact
Datzbro is equipped with sophisticated features that allow it to operate stealthily on infected devices. The trojan can overlay custom text on the screen to conceal its activities from the user, capture sensitive information such as login credentials for mobile banking applications, and intercept passwords associated with popular payment platforms like Alipay and WeChat.
Furthermore, Datzbro employs Android’s accessibility services to perform remote actions on behalf of the victim, giving the attackers control over the device and its data.
Attribution and Distribution
Analysis of Datzbro suggests that it may be the work of a Chinese-speaking threat group, as indicated by Chinese-language strings found in the malware's source code. The malicious applications associated with Datzbro communicate with a Chinese-language command-and-control (C2) backend delivered as a compiled application, which distinguishes it from the many malware families that rely on web-based C2 panels.
It is believed that Datzbro may have been leaked and is now being distributed freely among cybercriminals, as evidenced by the availability of a compiled version of the C2 app on public malware-sharing platforms.
Conclusion
The emergence of Datzbro underscores the evolving landscape of mobile threats, with cybercriminals leveraging social engineering tactics to target unsuspecting users, particularly the elderly. By exploiting trust and community-oriented activities, fraudsters can lure victims into installing malware, leading to device takeover, credential theft, and financial fraud.
As the threat landscape continues to evolve, it is essential for users to remain vigilant and exercise caution when interacting with unfamiliar links or applications, especially those promising enticing offers or activities.