📃Title: Datzbro: RAT Hiding Behind Senior Travel Scams
📅Date: 2025-09-30
🔗References:

Description

A new Android Trojan named Datzbro has been discovered targeting seniors through fake Facebook groups promoting travel and social activities. The malware, which combines spyware and banking Trojan capabilities, is distributed via malicious APKs disguised as community apps. Datzbro features remote access, screen sharing, black overlay attacks, and keylogging, allowing attackers to perform financial fraud. It specifically targets banking and crypto-related apps, stealing credentials and sensitive information. The malware’s origin appears to be Chinese-speaking developers, and its command-and-control application has been leaked, potentially making it a global threat. The campaign demonstrates the evolving sophistication of mobile threats, blending social engineering with advanced technical capabilities.

🔖Rectifyq Taxonomies:

🔖MISP Galaxies:

  • target-information="Australia"
  • target-information="Canada"
  • target-information="Malaysia"
  • target-information="Singapore"
  • target-information="South Africa"
  • mitre-attack-pattern=['T1513', 'T1453', 'T1629.002', 'T1512', 'T1429', 'T1412', 'T1582', 'T1636.004', 'T1420', 'T1413', 'T1663', 'T1660', 'T1476']

MISP event uuid: 8391fe48-3fc0-4fe0-a550-1e63c7f2f015

Indicators of Compromise (IoCs)

type,value,comment
sha256,453b0a62e414e9b40185c63842546fc96e8e1ab3f77d3230b02988dd8834c555,"Application name: Lively Years; no sample in VT (last check: 01/10/2025); no sample in VT (last check: 18/10/2025)"
sha256,a57d70b2873d9a3672eda76733c5b2fb96dca502958064fab742cfc074bf0feb,"Application name: Senior Group; no sample in VT (last check: 01/10/2025); no sample in VT (last check: 18/10/2025)"
sha256,fac119c569ba7dd19df9154f22f928cf3f0b0165bbe7d6b11a77215bdfc2a11a,"Application name: DanceWave; no sample in VT (last check: 01/10/2025); no sample in VT (last check: 18/10/2025)"

Full IoCs available in Rectifyq's MISP