Mirax Android RAT Turns Devices into SOCKS5 Proxies, Reaching 220,000 via Meta Ads

2026-04-14

1 min read

by info@thehackernews.com (The Hacker News)

Read Original

Get the latest tech trends every morning

Receive daily AI-curated summaries of engineering articles from top tech companies worldwide.

Endigest AI Core Summary

Mirax is an Android RAT distributed via Meta ads to 220,000+ accounts, combining remote access with SOCKS5 proxy capabilities. - Offered as Malware-as-a-Service for $2,500/three months, targeting Spanish-speaking users. - Features keystroke capture, photo theft, credential-stealing overlays, and device command execution. - Converts infected devices into residential proxies via SOCKS5 to route traffic through victim IPs and evade detection. - Distributed through dropper apps (StreamTV, Reproductor de video) hosted on GitHub with multi-stage extraction. - Uses WebSocket C2 channels (8443, 8444, 8445) for remote tasking, data exfiltration, and proxy management.

This summary was automatically generated by AI based on the original article and may not be fully accurate.

Mirax Android RAT Turns Devices into SOCKS5 Proxies, Reaching 220,000 via Meta Ads

Get the latest tech trends every morning

Endigest AI Core Summary

Related Articles

Privacy-first connections: Empowering social experiences at Airbnb

New PHP Composer Flaws Enable Arbitrary Command Execution — Patches Released

Google Adds Rust-Based DNS Parser into Pixel 10 Modem to Enhance Security

AI-Driven Pushpaganda Scam Exploits Google Discover to Spread Scareware and Ad Fraud