{"id":19954,"date":"2025-10-02T14:45:06","date_gmt":"2025-10-02T14:45:06","guid":{"rendered":"http:\/\/localhost\/?p=19954"},"modified":"2025-10-02T14:45:06","modified_gmt":"2025-10-02T14:45:06","slug":"scam-facebook-groups-send-malicious-android-malware-to-seniors","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=19954","title":{"rendered":"Scam Facebook groups send malicious Android malware to seniors_MALWAREBYTES:2330FD7AF32ABEE131F10326816B37A0"},"content":{"rendered":"<p>{&#8220;lastseen&#8221;:&#8221;2025-10-02T18:44:27&#8243;,&#8221;description&#8221;:&#8221;An infostealer and banking Trojan rolled into one is making the rounds in Facebook groups aimed at \\&#8221;active seniors\\&#8221;.\\n\\nAttackers used social engineering methods to lure targets into joining fake Facebook groups that appeared to promote travel and community activities\u2014such as trips, dance classes, and community gatherings. Once people joined, they were invited to download an Android app to \\&#8221;register\\&#8221; for those offered activities.\\n\\nResearchers at ThreatFabric found numerous Facebook groups created under this pretense, stocked with AI-generated content to appear authentic and trick users into downloading the malware. App names included Senior Group, Lively Years, ActiveSenior, and DanceWave. In some cases, victims were also asked to pay a sign-up fee on the same website, leading to phishing and card detail theft.\\n\\nOne of the servers hosting these downloads was located at `download.seniorgroupapps[.]com`.\\n\\n![seniorgroupapps was blocked by Malwarebytes web protection module](https:\/\/www.malwarebytes.com\/wp-content\/uploads\/sites\/2\/2025\/10\/image.png)\\n\\nSometimes the cybercriminals sent a follow-up message through Messenger or WhatsApp, sharing the download links for the malicious apps. 
\\n\\nOften this would be the Datzbro Trojan, but sometimes victims were hit with Zombinder, a Trojan dropper capable of bypassing the security restrictions Google introduced in Android 13 and later versions.\\n\\n## What Datzbro can do\\n\\nThe researchers found that Datzbro had capabilities similar to both spyware and banking Trojans\u2014specifically designed to drain bank accounts.\\n\\nOnce installed, this Android malware can:\\n\\n  * Record audio and video, and access files and photos. \\n  * Display phishing overlays that mimic other apps to steal passwords and send them to the attackers. \\n  * Let attackers remotely control infected Android devices, including locking or unlocking the screen.\\n\\n\\n\\nResearchers analyzed the code and suspect that it was likely developed in China, but later leaked and was reused by broader cybercriminal groups. The campaign has reached victims worldwide, including Australia, Singapore, Malaysia, Canada, South Africa, and the UK.\\n\\n## How to stay safe in Facebook groups\\n\\nAlthough many of the Facebook groups involved in this campaign have been taken down, there might be others. To protect yourself:\\n\\n  * Check a Facebook group&#8217;s history and avoid those that might have been freshly set up for malicious purposes. 
Unfortunately, it\u2019s not possible to check the age of a group before you join, but once you&#8217;re a member, look at the dates of historical posts or pinned posts.\\n  * Don\u2019t click on links or install apps provided by such groups or by private messages from people you don\u2019t really know.\\n  * Use up-to-date real-time anti-malware protection, especially on your mobile devices.\\n  * Be wary of groups offering suspicious or too-good-to-be-true promises.\\n  * Check a group\u2019s description and rules for professionalism or red flags.\\n\\n\\n\\nIt\u2019s worth noting that many of the groups also included a button to download an \u201ciOS application.\\&#8221; These were just placeholders at the time, but might be an indication that there are plans to target iPhone users as well.\\n\\n### Indicators of Compromise (IOCs)\\n\\n**The malicious app used these names:**\\n\\nSenior Group\\n\\nLively Years\\n\\nActiveSenior\\n\\nDanceWave\\n\\n**and these package names:**\\n\\n`twzlibwr.rlrkvsdw.bcfwgozi`\\n\\n`orgLivelyYears.browses646`\\n\\n`com.forest481.security`\\n\\n`inedpnok.kfxuvnie.mggfqzhl`\\n\\n* * *\\n\\n**We don\u2019t just report on phone security\u2014we provide it**\\n\\nCybersecurity risks should never spread beyond a headline. 
Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.&#8221;,&#8221;published&#8221;:&#8221;2025-10-02T13:09:30&#8243;,&#8221;modified&#8221;:&#8221;2025-10-02T13:09:30&#8243;,&#8221;type&#8221;:&#8221;malwarebytes&#8221;,&#8221;title&#8221;:&#8221;Scam Facebook groups send malicious Android malware to seniors&#8221;,&#8221;source&#8221;:&#8221;&#8221;,&#8221;references&#8221;:&#8221;&#8221;,&#8221;id&#8221;:&#8221;MALWAREBYTES:2330FD7AF32ABEE131F10326816B37A0&#8243;,&#8221;bulletinFamily&#8221;:&#8221;blog&#8221;,&#8221;cwe&#8221;:null,&#8221;cvelist&#8221;:[],&#8221;sourceData&#8221;:&#8221;&#8221;,&#8221;sourceHref&#8221;:&#8221;&#8221;,&#8221;cvss&#8221;:{&#8220;score&#8221;:0,&#8221;severity&#8221;:&#8221;NONE&#8221;,&#8221;vector&#8221;:&#8221;NONE&#8221;,&#8221;version&#8221;:&#8221;NONE&#8221;},&#8221;cvss2&#8243;:{},&#8221;cvss3&#8243;:{&#8220;version&#8221;:&#8221;&#8221;,&#8221;vectorString&#8221;:&#8221;&#8221;,&#8221;baseScore&#8221;:0,&#8221;baseSeverity&#8221;:&#8221;&#8221;,&#8221;attackVector&#8221;:&#8221;&#8221;,&#8221;attackComplexity&#8221;:&#8221;&#8221;,&#8221;privilegesRequired&#8221;:&#8221;&#8221;,&#8221;userInteraction&#8221;:&#8221;&#8221;,&#8221;scope&#8221;:&#8221;&#8221;,&#8221;confidentialityImpact&#8221;:&#8221;&#8221;,&#8221;integrityImpact&#8221;:&#8221;&#8221;,&#8221;availabilityImpact&#8221;:&#8221;&#8221;,&#8221;cvssV3&#8243;:{&#8220;version&#8221;:&#8221;&#8221;,&#8221;vectorString&#8221;:&#8221;&#8221;,&#8221;baseScore&#8221;:0,&#8221;baseSeverity&#8221;:&#8221;&#8221;,&#8221;attackVector&#8221;:&#8221;&#8221;,&#8221;attackComplexity&#8221;:&#8221;&#8221;,&#8221;privilegesRequired&#8221;:&#8221;&#8221;,&#8221;userInteraction&#8221;:&#8221;&#8221;,&#8221;scope&#8221;:&#8221;&#8221;,&#8221;confidentialityImpact&#8221;:&#8221;&#8221;,&#8221;integrityImpact&#8221;:&#8221;&#8221;,&#8221;availabilityImpact&#8221;:&#8221;&#8221;}},&#8221;href&#8221;:&#8221;https:\/\/www.malwareb
ytes.com\/blog\/news\/2025\/10\/scam-facebook-groups-send-malicious-android-malware-to-seniors&#8221;,&#8221;category_name&#8221;:&#8221;News&#8221;,&#8221;post_link&#8221;:&#8221;&#8221;,&#8221;product&#8221;:&#8221;&#8221;,&#8221;version&#8221;:&#8221;&#8221;,&#8221;vendor&#8221;:&#8221;&#8221;,&#8221;ai_description&#8221;:&#8221;&#8221;,&#8221;ai_severity&#8221;:&#8221;&#8221;,&#8221;ai_vendor&#8221;:&#8221;&#8221;,&#8221;ai_product&#8221;:&#8221;&#8221;,&#8221;ai_version&#8221;:&#8221;&#8221;,&#8221;ai_score&#8221;:0}<\/p>\n","protected":false},"excerpt":{"rendered":"<p>{&#8220;lastseen&#8221;:&#8221;2025-10-02T18:44:27&#8243;,&#8221;description&#8221;:&#8221;An infostealer and banking Trojan rolled into one is making the rounds in Facebook groups aimed at \\&#8221;active seniors\\&#8221;.\\n\\nAttackers used social engineering methods to lure&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[6,8,12,115,13,33,7,11,5],"class_list":["post-19954","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-cve","tag-cvss","tag-exploit","tag-malwarebytes","tag-news","tag-none","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Scam Facebook groups send malicious Android malware to seniors_MALWAREBYTES:2330FD7AF32ABEE131F10326816B37A0 - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=19954\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Scam Facebook groups send malicious Android malware to 
seniors_MALWAREBYTES:2330FD7AF32ABEE131F10326816B37A0 - zero redgem\" \/>\n<meta property=\"og:description\" content=\"{&#8220;lastseen&#8221;:&#8221;2025-10-02T18:44:27&#8243;,&#8221;description&#8221;:&#8221;An infostealer and banking Trojan rolled into one is making the rounds in Facebook groups aimed at &#8221;active seniors&#8221;.nnAttackers used social engineering methods to lure...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=19954\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2025-10-02T14:45:06+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=19954#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=19954\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"Scam Facebook groups send malicious Android malware to 
seniors_MALWAREBYTES:2330FD7AF32ABEE131F10326816B37A0\",\"datePublished\":\"2025-10-02T14:45:06+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=19954\"},\"wordCount\":719,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CVE\",\"CVSS\",\"exploit\",\"malwarebytes\",\"news\",\"NONE\",\"Security\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_news\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=19954#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=19954\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=19954\",\"name\":\"Scam Facebook groups send malicious Android malware to seniors_MALWAREBYTES:2330FD7AF32ABEE131F10326816B37A0 - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2025-10-02T14:45:06+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=19954#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=19954\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=19954#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Scam Facebook groups send malicious Android malware to seniors_MALWAREBYTES:2330FD7AF32ABEE131F10326816B37A0\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero 
redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Scam Facebook groups send malicious Android malware to seniors_MALWAREBYTES:2330FD7AF32ABEE131F10326816B37A0 - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=19954","og_locale":"en_US","og_type":"article","og_title":"Scam Facebook groups send malicious Android malware to seniors_MALWAREBYTES:2330FD7AF32ABEE131F10326816B37A0 - zero redgem","og_description":"{&#8220;lastseen&#8221;:&#8221;2025-10-02T18:44:27&#8243;,&#8221;description&#8221;:&#8221;An infostealer and banking Trojan rolled into one is making the rounds in Facebook groups aimed at &#8221;active seniors&#8221;.nnAttackers used social engineering methods to lure...","og_url":"https:\/\/zero.redgem.net\/?p=19954","og_site_name":"zero redgem","article_published_time":"2025-10-02T14:45:06+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. 
reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=19954#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=19954"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"Scam Facebook groups send malicious Android malware to seniors_MALWAREBYTES:2330FD7AF32ABEE131F10326816B37A0","datePublished":"2025-10-02T14:45:06+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=19954"},"wordCount":719,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CVE","CVSS","exploit","malwarebytes","news","NONE","Security","tapic","Vulnerability"],"articleSection":["category_news"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=19954#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=19954","url":"https:\/\/zero.redgem.net\/?p=19954","name":"Scam Facebook groups send malicious Android malware to seniors_MALWAREBYTES:2330FD7AF32ABEE131F10326816B37A0 - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2025-10-02T14:45:06+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=19954#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=19954"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=19954#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"Scam Facebook groups send malicious Android malware to seniors_MALWAREBYTES:2330FD7AF32ABEE131F10326816B37A0"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero 
redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/19954","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=19954"}],"version-history":[{"count":0,"href":"htt
ps:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/19954\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=19954"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=19954"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=19954"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}