Mirax RAT Campaign Overview

  • Discovery: Security researchers identified Mirax, a nascent Android remote access trojan.
  • Distribution: Delivered via Meta ads across Facebook, Instagram, Messenger, and Threads.
  • Impact: Over 220,000 accounts targeted, primarily in Spanish-speaking countries.
  • Threat level: High — combines traditional RAT capabilities with advanced proxy functions.

Technical Breakdown

  • Core RAT features:
    • Full remote control of infected devices.
    • Real-time interaction with compromised systems.
  • Unique capability: Converts infected devices into SOCKS5 proxy nodes, allowing attackers to route traffic through victims’ IP addresses.
  • Tunnel management: Uses Yamux stream multiplexing, which carries many logical streams over a single connection, to keep proxy channels stable; one tunnel from the device can serve several proxy sessions without reconnecting.
  • Operational value: Enhances anonymity for attackers, enabling them to mask malicious traffic as legitimate user activity.
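To make the proxy architecture concrete, here is an added example (not Mirax code, and not an artifact from the researchers' analysis): it decodes one direction of a Yamux-framed tunnel using the public Yamux framing (version 0, 12-byte header of Version, Type, Flags, StreamID, Length) and then looks for SOCKS5 (RFC 1928) greeting-plus-CONNECT exchanges inside each stream. All byte strings are constructed by hand, the choice of which side opens the streams is an assumption, and the page says nothing about whether the real tunnel is encrypted.

```python
"""Added example, not Mirax code: decode one direction of a Yamux-framed
tunnel and look for SOCKS5 (RFC 1928) requests inside its streams.
Every byte string here is constructed by hand, not captured traffic."""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Yamux frame header (12 bytes, big-endian): Version, Type, Flags(2), StreamID(4), Length(4)
YAMUX_HDR = 12
YAMUX_DATA, YAMUX_WINDOW, YAMUX_PING, YAMUX_GOAWAY = 0, 1, 2, 3
FLAG_SYN, FLAG_ACK, FLAG_FIN, FLAG_RST = 0x1, 0x2, 0x4, 0x8

SOCKS_VERSION = 0x05
CMD_NAMES = {0x01: "CONNECT", 0x02: "BIND", 0x03: "UDP_ASSOCIATE"}


def yamux_streams(tunnel: bytes) -> Optional[Dict[int, bytes]]:
    """Split one direction of a Yamux session into per-stream payloads.
    Returns None when the bytes are not well-formed Yamux (bad version or
    type, a Data frame overrunning the buffer, or trailing garbage)."""
    streams: Dict[int, bytes] = {}
    pos = 0
    while pos + YAMUX_HDR <= len(tunnel):
        hdr = tunnel[pos:pos + YAMUX_HDR]
        version, ftype = hdr[0], hdr[1]
        stream_id = int.from_bytes(hdr[4:8], "big")
        length = int.from_bytes(hdr[8:12], "big")
        if version != 0 or ftype > YAMUX_GOAWAY:
            return None
        pos += YAMUX_HDR
        if ftype == YAMUX_DATA:  # only Data frames carry a payload of `length` bytes
            if pos + length > len(tunnel):
                return None
            streams[stream_id] = streams.get(stream_id, b"") + tunnel[pos:pos + length]
            pos += length
        # Window Update, Ping and Go Away use Length as a value and carry no payload
    return streams if pos == len(tunnel) else None


@dataclass
class Socks5Request:
    command: str
    dst_host: str
    dst_port: int


def parse_socks5_client(data: bytes) -> Optional[Socks5Request]:
    """Parse greeting (VER NMETHODS METHODS) followed by a request
    (VER CMD RSV ATYP DST.ADDR DST.PORT) from the client side of one stream."""
    if len(data) < 2 or data[0] != SOCKS_VERSION:
        return None
    nmethods = data[1]
    req = data[2 + nmethods:]
    if nmethods == 0 or len(req) < 4 or req[0] != SOCKS_VERSION or req[2] != 0:
        return None
    cmd, atyp, body = req[1], req[3], req[4:]
    if atyp == 0x01 and len(body) >= 6:                      # IPv4 + port
        host, used = str(ipaddress.IPv4Address(body[:4])), 4
    elif atyp == 0x04 and len(body) >= 18:                   # IPv6 + port
        host, used = str(ipaddress.IPv6Address(body[:16])), 16
    elif atyp == 0x03 and len(body) >= 1 and len(body) >= 3 + body[0]:  # length-prefixed domain + port
        host, used = body[1:1 + body[0]].decode("ascii", "replace"), 1 + body[0]
    else:
        return None
    if cmd not in CMD_NAMES:
        return None
    return Socks5Request(CMD_NAMES[cmd], host, int.from_bytes(body[used:used + 2], "big"))


def find_socks5_in_tunnel(tunnel: bytes) -> List[Tuple[int, Socks5Request]]:
    """Return (stream_id, request) for every Yamux stream carrying a SOCKS5 request."""
    streams = yamux_streams(tunnel)
    if streams is None:
        return []
    return [(sid, req) for sid, data in sorted(streams.items())
            if (req := parse_socks5_client(data)) is not None]


def frame(ftype: int, flags: int, stream_id: int, payload: bytes = b"", value: int = 0) -> bytes:
    """Build one Yamux frame; used only to construct the sample tunnel below."""
    length = len(payload) if ftype == YAMUX_DATA else value
    return (bytes([0, ftype]) + flags.to_bytes(2, "big") + stream_id.to_bytes(4, "big")
            + length.to_bytes(4, "big") + payload)


# Constructed sample (assumption: the operator side opens the streams and sends
# the SOCKS5 client half; the real session layout is not documented on the page).
SAMPLE_TUNNEL = (
    frame(YAMUX_DATA, FLAG_SYN, 1, b"\x05\x01\x00")                # stream 1 opened: greeting, NO_AUTH
    + frame(YAMUX_DATA, FLAG_SYN, 3, b"\x05\x01\x00")              # stream 3 opened: greeting
    + frame(YAMUX_PING, FLAG_SYN, 0, value=42)                      # keepalive ping, no payload
    + frame(YAMUX_DATA, 0, 1, b"\x05\x01\x00\x03\x0bexample.com\x01\xbb")   # CONNECT example.com:443
    + frame(YAMUX_DATA, 0, 3, b"\x05\x01\x00\x01" + bytes([192, 0, 2, 10]) + b"\x1f\x90")  # CONNECT 192.0.2.10:8080
    + frame(YAMUX_WINDOW, 0, 1, value=256 * 1024)                   # window update, no payload
)

if __name__ == "__main__":
    for sid, req in find_socks5_in_tunnel(SAMPLE_TUNNEL):
        print(f"stream {sid}: {req.command} {req.dst_host}:{req.dst_port}")
```

Two things the walkthrough makes visible. First, the phone is the proxy but never listens: it holds one outbound tunnel and the operator side opens a fresh Yamux stream per proxied connection, so the SOCKS5 requests ride inside the tunnel rather than arriving at an open port. Second, the inner SOCKS5 handshake is only inspectable like this if the tunnel itself is unencrypted; otherwise a network defender is left with the outer signal, a single long-lived outbound connection from a mobile device carrying traffic volume that does not match the user's own activity.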

Risks to Users

  • Data theft: Sensitive information, credentials, and communications can be stolen.
  • Device misuse: Victims’ phones are repurposed as proxy servers, hiding attacker activity.
  • Broader exploitation: Compromised devices may be leveraged in fraud, spam, or further cyberattacks.
  • Privacy erosion: Continuous monitoring and control undermine user trust in mobile platforms.

Defensive Guidance

  • Audit apps: Regularly check installed apps and remove anything unfamiliar.
  • Download safely: Install apps only from trusted sources such as Google Play, and treat ads that push an app install as suspect.
  • Enable security tools: Keep Google Play Protect enabled and use a reputable mobile endpoint protection product.
  • Monitor accounts: Watch for unusual activity on Meta platforms.
  • Enterprise response: Organizations should monitor for proxy traffic anomalies, such as long-lived outbound connections from mobile devices and unexpected SOCKS5 traffic, and enforce mobile device management (MDM) policies that block installs from unknown sources.

Final Thought

The Mirax RAT campaign demonstrates how attackers are weaponizing social media ads to spread malware at scale. By turning victims’ devices into proxy nodes, they gain both control and cover, making detection harder. For individuals and enterprises alike, the lesson is clear: mobile security must extend beyond app downloads to include vigilance against malicious advertising ecosystems.
