Mirax RAT Targeting Android Users in Europe
Briefly

"Mirax is a sophisticated remote access trojan that has been targeting Android users across Europe, promoted on underground forums since December 2025 and used in multiple campaigns since March 2026."
"The malware is distributed as malware-as-a-service to a small number of affiliates, mainly Russian-speaking threat actors, through tiered subscription plans, allowing for extensive control over infected devices."
"Victims are tricked into enabling installation from unknown sources to run the malicious IPTV application, which triggers a multi-stage infection process designed to bypass protections."
"Mirax supports overlay and notification injection for credential theft, allows attackers to view the screen in real time, and enables the management of applications and exfiltration of images and text."
Mirax, a sophisticated remote access trojan, has been targeting Android users in Europe since March 2026. Distributed as malware-as-a-service, it is primarily used by Russian-speaking affiliates. The malware can turn infected devices into residential proxy nodes and is promoted through malicious ads on social media platforms. Victims are tricked into sideloading the malware via IPTV applications. Mirax employs advanced encryption techniques to conceal its payload and supports various malicious functionalities, including credential theft and real-time device control.
Read at SecurityWeek