378/68 Thursday, October 2, 2025

Cybersecurity researchers have issued a warning about a new Android banking Trojan called “Datzbro”, which is being used in a scam campaign targeting elderly victims. The campaign lures seniors through Facebook groups and ads promoting travel activities or social gatherings. According to ThreatFabric, the campaign was first observed in August 2025, after reports of victims in Australia. It has since expanded to other countries, including Singapore, Malaysia, Canada, South Africa, and the UK. Attackers use AI-generated content and images to boost credibility, then convince victims via Facebook Messenger or WhatsApp to download a malicious APK from a fake link. Once installed, the APK drops malware specifically designed to bypass security protections in Android 13 and above.
The capabilities of Datzbro include recording audio, taking photos, accessing files, remote device takeover, overlay attacks, and keylogging. It is primarily designed to steal banking app credentials, login information, PINs, and cryptocurrency wallet data. The Trojan abuses Android’s Accessibility Services to perform actions on behalf of the user and has a unique feature that sends the screen’s UI structure back to the attacker, allowing them to remotely simulate and control on-screen activity. Researchers also found Chinese-language debug messages and links to a Chinese-language desktop C2 application, suggesting that the developers are Chinese-speaking. Parts of the C2 code have already been leaked publicly, raising concerns that the malware could be reused or repurposed more widely.
Experts warn the public to be cautious of event ads or groups that encourage downloading apps from outside official app stores, especially if contacted privately through Messenger or WhatsApp. Recommended precautions include never installing APKs from untrusted links, enabling Google Play Protect, keeping the operating system updated, and verifying app sources before installation. If in doubt, users should seek assistance from their bank or national cybersecurity authorities.
This incident highlights the evolving trend of social engineering attacks, where attackers exploit trust and social interaction, underscoring the need for greater awareness campaigns and protective measures specifically for elderly populations.
Source: https://thehackernews.com/2025/09/new-android-trojan-datzbro-tricking.html
