A newly discovered Android Trojan called “Datzbro” is spreading through fake Facebook groups to promote social trips for elderly people.
In August 2025, scam alerts in Australia exposed suspicious Facebook groups advertising what they call “active senior trips” to attract older users.
Researchers at ThreatFabric linked the activity to a coordinated campaign using AI-generated posts and fraudulent event promotions.
Their investigation uncovered Datzbro, an Android Trojan with spyware and banking trojan, now spreading globally.
Also read: New Malware Klopatra Targets Financial Institutions and Customers
Modus Operandi
The campaign targeted elderly users interested in social activities, dance programs, and community trips. Fraudsters created Facebook groups filled with AI-generated content to gain their trust.
Once victims engaged, scammers contacted them through Messenger or WhatsApp and redirected them to phishing sites. These sites urged them to download a malicious APK disguised as a community app or to pay sign-up fees. The process resulted in stolen payment card details and malware infections.
Victims have been reported in Australia, Singapore, Malaysia, Canada, South Africa, and the United Kingdom.
According to ThreatFabric, Datzbro operates as spyware and a remote access Trojan (RAT), giving attackers full control over devices. The researchers also identified a leaked Command-and-Control (C2) application and malware builder, making Datzbro available to threat actors worldwide.
Analysis showed that Datzbro includes powerful spyware features such as audio recording, camera control, and file access. It also enables fraud through remote device control, keylogging, and black overlay attacks that hide malicious activities.
The Trojan specifically targets banking and cryptocurrency applications, including Alipay and WeChat, capturing credentials through accessibility event logging.
Also read: Over 400 Facebook Users in Africa Hit by StealC v2 Malware Campaign
“The discovery of Datzbro highlights the evolution of mobile threats targeting unsuspecting users through social engineering campaigns,“ ThreatFabric researchers said in a blog post.
“By focusing on seniors, fraudsters exploit trust and community-oriented activities to lure victims into installing malware. What begins as a seemingly harmless event promotion on Facebook can escalate into device takeover, credential theft, and financial fraud.”
About Author
