Ethical Hacking News
A new Android banking trojan, dubbed "Datzbro," has been discovered targeting elderly individuals through social engineering tactics. The malware, which can conduct device takeover attacks and perform fraudulent transactions, is believed to be the work of a Chinese-speaking threat group. This article provides an in-depth look at the Datzbro campaign and its implications for mobile security.
The Datzbro malware is an advanced Android banking trojan that relies on social engineering to trick elderly individuals into installing it on their devices. The campaign began in August 2025 and targets users in Australia through scammers who run Facebook groups promoting "active senior trips." The malware bypasses security restrictions on Android 13 and later devices using an APK binding service called Zombinder to evade detection. Once installed, Datzbro can remotely control the device, access sensitive information, and conduct financial fraud through remote actions, overlay attacks, and keylogging. ThreatFabric attributed the campaign to a Chinese-speaking threat group, citing Chinese debug and logging strings in the malware's source code. The discovery of Datzbro highlights the evolution of mobile threats targeting unsuspecting users through social engineering campaigns.
The world of cybercrime has witnessed numerous instances of sophisticated attacks aimed at unsuspecting individuals, particularly the elderly. However, a recent discovery by Dutch mobile security company ThreatFabric sheds light on a novel threat actor that has been exploiting social engineering tactics to trick elderly individuals into installing malware on their Android devices. The malware, dubbed "Datzbro," has been identified as an advanced banking trojan capable of conducting device takeover attacks and performing fraudulent transactions.
According to ThreatFabric, the Datzbro campaign began in August 2025, when users in Australia reported being approached by scammers managing Facebook groups promoting "active senior trips." These groups targeted individuals looking for social activities, trips, in-person meetings, and similar events. Prospective targets who expressed willingness to participate in these events were subsequently approached via Facebook Messenger or WhatsApp, where they were asked to download an APK file from a fraudulent link.
The APK file contained a malicious application that, upon installation, deployed the malware on the device. The malware was designed to bypass security restrictions on Android 13 and later devices, utilizing an APK binding service called Zombinder to evade detection. This allowed the attackers to remotely control the device, access sensitive information, and conduct financial fraud through remote actions, overlay attacks, and keylogging.
Furthermore, the Datzbro malware displayed a semi-transparent black overlay with custom text, effectively hiding malicious activity from victims. It also scanned accessibility events for package names related to banks or cryptocurrency wallets, capturing login credentials for mobile banking applications entered by unsuspecting victims. The malware relied on Android's accessibility services to perform remote actions on the victim's behalf.
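The capabilities described above (an accessibility service for remote actions and keylogging, plus an overlay for hiding activity) leave traces in an app's manifest that a defender can triage before installation. The following is an added example, not code from the article or from ThreatFabric: a static heuristic over a decoded AndroidManifest.xml (assumed to have been extracted with a tool such as apktool) that flags the accessibility-plus-overlay combination for review; the sample manifest is constructed, not a real Datzbro artifact.

```python
# Added example (not from the article or ThreatFabric): static triage of a
# sideloaded APK's decoded AndroidManifest.xml for the permission/component
# pairing that accessibility-abusing banking trojans rely on. Assumes the
# manifest is already plain XML (e.g. decoded with apktool).
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

def _attr(elem, name):
    """Read an android:-namespaced attribute from a manifest element."""
    return elem.get(f"{{{ANDROID_NS}}}{name}")

def triage_manifest(manifest_xml: str) -> dict:
    """Return the risky capabilities a manifest declares and a review verdict."""
    root = ET.fromstring(manifest_xml)
    perms = {_attr(p, "name") for p in root.iter("uses-permission")}
    a11y_services = [
        _attr(s, "name") for s in root.iter("service")
        if _attr(s, "permission") == "android.permission.BIND_ACCESSIBILITY_SERVICE"
    ]
    findings = {
        "package": root.get("package"),
        "accessibility_services": a11y_services,
        "overlay": "android.permission.SYSTEM_ALERT_WINDOW" in perms,
        "sideload_installer": "android.permission.REQUEST_INSTALL_PACKAGES" in perms,
    }
    # Accessibility service + overlay permission together is the device-takeover
    # and overlay capability described above. Either alone is common in benign
    # apps, so the pairing is flagged for manual review, not declared malicious.
    findings["review_needed"] = bool(a11y_services) and findings["overlay"]
    return findings

# Constructed sample manifest for a hypothetical sideloaded "trips" app.
SAMPLE_MANIFEST = f"""<manifest xmlns:android="{ANDROID_NS}" package="com.example.seniortrips">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
  <application android:label="Senior Trips">
    <service android:name=".A11yService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
  </application>
</manifest>"""

if __name__ == "__main__":
    print(triage_manifest(SAMPLE_MANIFEST))
```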
ThreatFabric attributed the Datzbro campaign to a Chinese-speaking threat group, given the presence of Chinese debug and logging strings in the malware source code. The malicious apps were connected to a command-and-control (C2) backend that was a Chinese-language desktop application. A compiled version of the C2 app had been leaked to a public malware-sharing site, suggesting that the malware may have been leaked and is being distributed freely among cybercriminals.
The discovery of Datzbro highlights the evolution of mobile threats targeting unsuspecting users through social engineering campaigns. By focusing on seniors, fraudsters exploit trust and community-oriented activities to lure victims into installing malware. What begins as a seemingly harmless event promotion on Facebook can escalate into device takeover, credential theft, and financial fraud.
In light of this threat, it is essential for individuals to exercise caution when engaging with unsolicited messages or links, particularly those related to social activities or travel events. Users should also ensure that their devices are up-to-date with the latest security patches and consider implementing additional security measures, such as using a reputable antivirus program and regularly scanning for malware.
The emergence of Datzbro serves as a reminder of the ongoing threat landscape in the digital world. As technology continues to evolve, it is crucial for individuals and organizations alike to stay vigilant and adapt their security strategies to counter emerging threats.
Related Information:
https://www.ethicalhackingnews.com/articles/The-Datzbro-Android-Banking-Trojan-A-Sophisticated-Social-Engineering-Attack-Targeting-Elderly-Individuals-ehn.shtml
https://thehackernews.com/2025/09/new-android-trojan-datzbro-tricking.html
https://www.threatfabric.com/blogs/datzbro-rat-hiding-behind-senior-travel-scams
Published: Tue Sep 30 07:09:23 2025 by llama3.2 3B Q4_K_M