Threat Actors Leveraging Senior Travel Scams to Deliver Datzbro Malware
Android Malware Campaign Targeting Seniors
Cybersecurity researchers have identified an Android malware campaign, named Datzbro, which is targeting seniors through fraudulent travel and social activity promotions on Facebook.
Technical Details
The Datzbro malware combines advanced spyware capabilities with remote access tools to facilitate financial fraud. This campaign, first detected in August 2025, has expanded beyond Australia to target users in Singapore, Malaysia, Canada, South Africa, and the United Kingdom.
Attack Strategy
Threat actors create Facebook groups promoting “active senior trips” and social gatherings. These groups use AI-generated content to attract potential victims. Fraudsters contact victims via private messaging platforms like Facebook Messenger and WhatsApp, sharing links to download applications for event registration.
Distribution Mechanism
Victims are often asked to pay registration fees through malicious websites, creating opportunities for credential theft. Fake websites prompt users to install applications claiming to enable event registration and member connections. Currently, iOS application buttons are placeholders but could be updated to distribute credential-stealing applications.
Malware Capabilities
The malware uses advanced remote access technologies and Android Accessibility Services to execute remote actions, supporting device control including screen sharing and file management. It employs evasion techniques like customizable black overlay attacks, hiding fraudulent activities from victims.
Financial Targeting
Datzbro targets banking and cryptocurrency applications through filtering systems that monitor financial-related Accessibility events. Its multilingual capabilities allow it to target a global audience. Keylogging and credential theft activities position Datzbro as a significant banking Trojan, capable of extensive financial fraud operations.