Attackers are targeting seniors on Facebook with a sophisticated scheme that combines social engineering with malicious software. They create fake groups designed to appeal to older adults, using AI-generated content to make them seem authentic. These groups promote enticing activities like travel, dance classes, and community gatherings. Once a user joins, they are invited to download a fraudulent Android app to “register” for these events. This process is a trap designed to deliver malware and steal sensitive information.
Researchers at ThreatFabric discovered that the attackers frequently used app names such as Senior Group, Lively Years, and ActiveSenior. In some cases, victims were even asked to pay a sign-up fee on the same website where they downloaded the app, which led to additional phishing attacks and the theft of credit card details. The malicious app downloads were hosted on servers with names like seniorgroupapps[.]com, a domain that some security services have since blocked. The cybercriminals sometimes followed up with victims through Messenger or WhatsApp, sharing direct download links to the malware, which included the Datzbro Trojan or Zombinder, a trojan dropper that can bypass Android’s security features.
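The distribution domain above is the one concrete network indicator in this report, and a defender's first use of it is a retrospective search of DNS and web-proxy logs. The script below is an added example, not ThreatFabric's tooling or anything from the original article: it refangs the published indicator, extracts hostnames from two hypothetical log formats (dnsmasq-style DNS queries and a squid-style proxy line, both constructed for the demo), and matches on the domain and its subdomains rather than on a raw substring, so look-alike names such as `notseniorgroupapps.com` are not reported.

```python
"""
Added example (not from the article or ThreatFabric): scan DNS / web-proxy log
lines for the distribution domain named in the report. The only indicator
taken from the article is seniorgroupapps[.]com, written defanged; every log
line and the log formats below are constructed for the demo.
"""
import re
from urllib.parse import urlsplit

# Indicator as published (defanged). This entry comes from the article;
# an analyst would append further entries from their own feed.
DEFANGED_IOCS = ["seniorgroupapps[.]com"]


def refang(ioc: str) -> str:
    """Turn a defanged indicator such as 'example[.]com' or 'hxxps://' back into usable form."""
    return (ioc.replace("[.]", ".")
               .replace("(.)", ".")
               .replace("hxxp://", "http://")
               .replace("hxxps://", "https://")
               .lower())


def host_matches(host: str, ioc_domain: str) -> bool:
    """True when host equals the indicator domain or is a subdomain of it.

    Suffix matching on a leading dot avoids substring false positives
    (notseniorgroupapps.com) and prefix look-alikes (seniorgroupapps.com.other.test).
    """
    host = host.lower().rstrip(".")
    return host == ioc_domain or host.endswith("." + ioc_domain)


# Hypothetical log formats (constructed): a dnsmasq-style query line and any line carrying a URL.
DNS_RE = re.compile(r"query\[A+\]\s+(?P<host>\S+)")
URL_RE = re.compile(r"(?P<url>https?://\S+)")


def extract_host(line: str):
    """Pull the queried or requested hostname out of a log line, or None if there is none."""
    m = DNS_RE.search(line)
    if m:
        return m.group("host")
    m = URL_RE.search(line)
    if m:
        return urlsplit(m.group("url")).hostname
    return None


def scan_log(lines, defanged_iocs=DEFANGED_IOCS):
    """Return a list of (line_number, host, matched_indicator) for every hit."""
    domains = [refang(i) for i in defanged_iocs]
    hits = []
    for n, line in enumerate(lines, 1):
        host = extract_host(line)
        if not host:
            continue
        for d in domains:
            if host_matches(host, d):
                hits.append((n, host, d))
    return hits


# Constructed sample lines: four dnsmasq-style DNS queries and one squid-style proxy entry.
SAMPLE_LOG = [
    "Sep 29 10:01:02 dnsmasq[412]: query[A] www.example.org from 10.0.0.5",
    "Sep 29 10:01:09 dnsmasq[412]: query[A] download.seniorgroupapps.com from 10.0.0.23",
    "Sep 29 10:01:15 dnsmasq[412]: query[AAAA] seniorgroupapps.com.evil-lookalike.test from 10.0.0.23",
    "1759140080.123 10.0.0.23 TCP_MISS/200 GET https://seniorgroupapps.com/app/register",
    "Sep 29 10:02:00 dnsmasq[412]: query[A] notseniorgroupapps.com from 10.0.0.7",
]

if __name__ == "__main__":
    for n, host, ioc in scan_log(SAMPLE_LOG):
        print(f"line {n}: {host} matches indicator {ioc}")
```

Run against the constructed sample, only lines 2 and 4 are reported; lines 3 and 5 are deliberate near-misses that a naive `ioc in line` check would have flagged. In production the same `scan_log` would be fed from a log shipper, and the hits (source IP plus timestamp) are the starting point for identifying which phones then sideloaded the app.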
The Datzbro Trojan is a particularly dangerous piece of malware that acts as both a banking Trojan and spyware. Once installed, it is capable of a wide range of malicious activities. It can secretly record audio and video, as well as access files and photos stored on the device. It also displays fake login screens that mimic legitimate apps, allowing attackers to steal passwords. Furthermore, the malware gives cybercriminals remote control of the infected device, enabling them to lock or unlock the screen and perform other functions. This allows them to completely compromise the user’s security and financial accounts.
Analysis of the malware’s code suggests that it was likely developed in China and then distributed and reused by various cybercriminal groups. This has led to the campaign reaching victims all over the world, including in Australia, Singapore, Malaysia, Canada, South Africa, and the UK. While many of the Facebook groups involved in this specific campaign have been taken down, new ones could be created at any time. The attackers have also created placeholder buttons for iOS apps, which could indicate a future plan to target iPhone users.
To stay safe from these types of attacks, it’s crucial to be cautious when interacting with online groups. Always check a group’s history if you can. If it’s a new group with a lot of generic or AI-generated posts, it might be a red flag. Avoid clicking on suspicious links or installing apps from unverified sources, especially those sent in private messages. It’s also essential to use up-to-date, real-time anti-malware protection on your mobile devices. Finally, be wary of groups that offer promises that seem too good to be true, and always check a group’s description and rules for any signs of unprofessionalism or other red flags.