Tags: malware, high, Android RAT, Mobile Trojan, Proxy Malware, Mirax

Apr 14, 2026 • The Hacker News

Mirax Android RAT Turns Devices into SOCKS5 Proxies, Reaching 220,000 via Meta Ads

Source: The Hacker News
Category: malware
Severity: high

Executive Summary

Security researchers have identified a new Android remote access trojan called Mirax targeting users in Spanish-speaking countries. The malware spreads through malicious advertisements on Meta platforms including Facebook, Instagram, Messenger, and Threads, with campaigns reaching over 220,000 accounts. Mirax provides threat actors with full remote access to compromised devices, enabling real-time interaction, data theft, and device surveillance. Additionally, the trojan converts infected devices into SOCKS5 proxies, allowing attackers to route malicious traffic through victim devices and obscure their origins. Organizations should advise users to exercise caution with ads, avoid sideloading applications, and ensure mobile endpoint protection solutions are deployed and updated.

Summary

A nascent Android remote access trojan called Mirax has been observed actively targeting Spanish-speaking countries, with campaigns reaching more than 220,000 accounts on Facebook, Instagram, Messenger, and Threads through advertisements on Meta. "Mirax integrates advanced Remote Access Trojan (RAT) capabilities, allowing threat actors to fully interact with compromised devices in real

Linked Entities

  • Mirax