Mirax Android RAT Turns Phones Into SOCKS5 Proxies via Meta Ads

April 15, 2026 at 07:00 AM

•

1 min read

Mirax Android RAT Turns Phones Into SOCKS5 Proxies via Meta Ads — Photo: The Hacker News

TL;DR Summary

A new Android remote access Trojan named Mirax blends traditional RAT capabilities with a residential SOCKS5 proxy feature, allowing attackers to route traffic through infected devices. Campaigns reach about 220,000 accounts on Facebook, Instagram, Messenger, and Threads via Meta ads promoting a malware dropper, with Mirax offered as a MaaS to a small, Russia-focused affiliate network. Once installed, it can capture data, render fake overlays for credential theft, and maintain multiple C2 channels (WebSockets on ports 8443, 8444, and 8445) for remote control, streaming, exfiltration, and proxy deployment. Distribution uses GitHub-hosted droppers and two crypters (Virbox and Golden Crypt) with anti-analysis checks, reflecting a trend of combining RAT functionality with proxy networks for monetization and broader reach.

Topics:technology #android-malware #cybersecurity #malware-as-a-service #meta-ads #mirax #socks5-proxy

Share this article

Mirax Android RAT Turns Devices into SOCKS5 Proxies, Reaching 220,000 via Meta Ads The Hacker News
Novel Mirax Android banking trojan emerges SC Media
New Android Malware Recruits Phones as Residential Proxies in Stealth Campaign cyberpress.org
New Mirax Android RAT Turns Infected Phones Into Residential Proxy Nodes CyberSecurityNews
Mirax RAT Targets Android Devices Through Meta Apps GovInfoSecurity

Reading Insights

Total Reads

Unique Readers

Time Saved

4 min

vs 5 min read

Condensed

86%

830 → 117 words

Want the full story? Read the original article

Read on The Hacker News

JavaScript Required

tl;dr daily news requires JavaScript to be enabled. Please enable JavaScript in your browser settings.

Related Sources

Reading Insights