Mirax Android RAT Turns Devices into SOCKS5 Proxies, Reaching 220,000 via Meta Ads
Summary
A new Android remote access trojan (RAT) named Mirax has been observed, particularly in Spanish-speaking regions. Mirax campaigns have reportedly reached over 220,000 accounts on Meta platforms by using advertisements to compromise devices and turn them into SOCKS5 proxies.
IFF Assessment
The emergence of a new RAT with advanced capabilities and widespread distribution poses a significant threat to users and organizations, as it enables remote control and potential misuse of compromised devices.
Defender Context
The Mirax campaign highlights the evolving tactics of Android malware, where RATs are being distributed through social engineering on popular platforms like Meta. Defenders should educate users about suspicious ads and watch for indicators of compromise related to RAT activity on mobile devices. The use of SOCKS5 proxies suggests potential for further malicious activity, such as facilitating other attacks or exfiltrating data.