Mirax Android Trojan Exploits Devices as Residential Proxy Nodes
The Mirax Android trojan is spreading across Europe, targeting Spanish-speaking users with campaigns reaching over 200,000 accounts. According to Cleafy, the malware combines remote access features with residential proxy capabilities, allowing attackers to control infected devices and steal sensitive data. The trojan operates under a restricted Malware-as-a-Service model, limiting access to a small group of affiliates. It uses social engineering tactics, such as malicious advertisements promoting illegal streaming apps, to reach victims. Once installed, Mirax can execute commands, monitor activity, and deploy fake overlays on legitimate applications. 
