Abhay Negi

Mirax Malware-as-a-Service Campaign Monetizes Android Infections Through Proxy Abuse

The Mirax Android malware campaign represents a growing trend in cybercrime where attackers seek to maximize the value of each compromised device. By combining remote access trojan capabilities with residential proxy functionality, Mirax transforms infected smartphones into both surveillance tools and infrastructure assets.

This campaign has been actively distributed through advertising on Meta platforms, reaching a wide audience across Facebook, Instagram, Messenger, and Threads. By promoting applications that appear to offer free access to streaming content, attackers have successfully lured users into downloading malicious software.

The infection process begins with a dropper application that is downloaded from an external website. This dropper is designed to appear legitimate while secretly preparing the device for malware installation. It performs checks to ensure that it is running on a mobile device and may block access from automated analysis systems.

Once installed, the dropper requests permission to install applications from unknown sources. This allows it to deploy the Mirax payload, which is delivered through a multi-stage process designed to evade detection. The final application often disguises itself as a media player, reducing suspicion while operating in the background.

Mirax provides attackers with full control over the compromised device. This includes the ability to monitor user activity, capture sensitive information, and execute commands remotely. It also supports overlay attacks, allowing attackers to trick users into entering credentials.

What sets Mirax apart is its ability to function as a residential proxy. Through its SOCKS5 protocol support, the malware allows attackers to route their traffic through infected devices. This provides a high level of anonymity and makes it more difficult for security systems to detect malicious activity.
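For defenders reviewing captured traffic from managed phones, the SOCKS5 negotiation has a fixed layout (RFC 1928) that can be recognized in the first client payloads of a flow. The following is an added example, not code from the article or from Mirax itself; the function names are hypothetical, and it assumes the negotiation is visible in cleartext at the capture point with no authentication sub-negotiation between greeting and request.

```python
import ipaddress

SOCKS_VERSION = 0x05
COMMANDS = {0x01: "CONNECT", 0x02: "BIND", 0x03: "UDP ASSOCIATE"}
# Constructed sample flow (not a Mirax capture): no-auth greeting, then CONNECT example.com:443.
SAMPLE_FLOW = [b"\x05\x01\x00", b"\x05\x01\x00\x03\x0bexample.com\x01\xbb"]


def parse_greeting(data):
    """Return the offered auth methods if data is exactly a SOCKS5 greeting, else None."""
    if len(data) < 3 or data[0] != SOCKS_VERSION:
        return None
    nmethods = data[1]
    # Requiring an exact length cuts false positives from other protocols starting with 0x05.
    if nmethods == 0 or len(data) != 2 + nmethods:
        return None
    return list(data[2:])


def parse_request(data):
    """Return (command, host, port) for a SOCKS5 request, or None if malformed or truncated."""
    if len(data) < 4 or data[0] != SOCKS_VERSION or data[2] != 0x00:
        return None
    command, atyp, body = COMMANDS.get(data[1]), data[3], data[4:]
    if command is None:
        return None
    if atyp == 0x01:  # IPv4 address
        addr_len = 4
    elif atyp == 0x04:  # IPv6 address
        addr_len = 16
    elif atyp == 0x03 and body:  # domain name, prefixed by a one-byte length
        addr_len, body = body[0], body[1:]
    else:
        return None
    if addr_len == 0 or len(body) < addr_len + 2:
        return None
    raw = body[:addr_len]
    host = raw.decode("ascii", "replace") if atyp == 0x03 else str(ipaddress.ip_address(raw))
    port = int.from_bytes(body[addr_len:addr_len + 2], "big")
    return command, host, port


def classify_flow(client_payloads):
    """Flag a flow whose first two client payloads are a SOCKS5 greeting, then a request."""
    if len(client_payloads) < 2:
        return None
    methods, request = parse_greeting(client_payloads[0]), parse_request(client_payloads[1])
    if methods is None or request is None:
        return None
    return {"auth_methods": methods, "command": request[0], "dest": f"{request[1]}:{request[2]}"}
```

A match only shows that the flow speaks SOCKS5; whether that is expected for the device is a question for asset inventory and policy.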

The malware is offered as a Malware-as-a-Service platform, with different pricing tiers based on functionality. This model allows attackers to generate revenue while maintaining control over the distribution of the malware.

To effectively respond to such threats, organizations need access to external intelligence. Platforms like IntelligenceX provide insights into malicious infrastructure and attacker behavior. IntelligenceX enables the tracking of domains and the identification of patterns across campaigns.

Furthermore, IntelligenceX helps organizations assess their exposure and take proactive measures to mitigate risk.

The Mirax campaign highlights the increasing sophistication of mobile malware and the need for comprehensive security strategies.
