Mirax Android Trojan Converts Devices into Proxy Nodes, Expanding Cyber Threats
A new Android banking trojan, named Mirax, has been identified as spreading across Europe, particularly targeting Spanish-speaking users. According to Cleafy, the malware has reached over 200,000 accounts through social media advertisements. Mirax operates under a restricted Malware-as-a-Service (MaaS) model, allowing only a small group of affiliates to access it. This approach is designed to enhance operational security and campaign effectiveness. The malware enables attackers to control infected devices in real-time, execute commands, monitor activity, and deploy fake overlays on legitimate applications to steal sensitive data. It also includes surveillance capabilities like keylogging and collecting lock screen details. The distribution relies heavily on social engineering, using malicious advertisements to promote illegal streaming applications, which users download from outside official app stores. Once installed, the malware decrypts hidden payloads and establishes communication channels via WebSocke... 
