Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Mirax Android Malware Poses Dual Threat to Users

Mirax Android Malware Poses Dual Threat to Users

Posted on April 14, 2026 By CWS

A recently identified Android malware known as Mirax has been making waves in underground cybercrime circles since late 2025, posing a significant risk to mobile users across Europe and potentially beyond. Mirax distinguishes itself by not only stealing banking credentials but also converting compromised devices into residential proxy nodes, offering attackers the ability to disguise their malicious activities by routing traffic through a victim’s legitimate IP address.

Unique Dual Functionality

Mirax represents a novel approach in the design and commercialization of mobile malware. Unlike conventional banking trojans, it serves a dual purpose by facilitating unauthorized access to financial information and establishing a proxy network through infected devices. This functionality is indicative of an evolving threat landscape where cybercriminals are finding new ways to circumvent traditional security measures.

Operating as a Malware-as-a-Service (MaaS), Mirax is selectively distributed to a small group of trusted affiliates, primarily those within Russian-speaking cybercriminal communities. This controlled dissemination strategy is intended to prolong the malware’s undetected presence, complicating efforts by cybersecurity researchers to identify and neutralize the threat.

Widespread Impact and Distribution

Since March 2026, researchers from Cleafy have been actively monitoring Mirax, observing its rapid spread among Spanish-speaking users. Their findings indicate the malware debuted on underground forums in December 2025, and by leveraging paid advertisements on platforms like Facebook and Instagram, it has already compromised over 200,000 accounts.

The initial infection typically begins with a social media ad redirecting users to a phishing site masquerading as an IPTV or illicit sports streaming service. This tactic exploits users’ familiarity with sideloading apps from non-official sources, thereby simplifying the social engineering process. The dropper files, hosted on GitHub, are updated daily to evade detection, despite the unchanged nature of the malware payload itself.

Residential Proxy Feature and Security Implications

One of Mirax’s most concerning features is its ability to transform infected phones into residential proxy nodes using the SOCKS5 protocol and Yamux multiplexing over WebSocket channels. This allows cybercriminals to mask their activities by mimicking the traffic patterns of legitimate users, effectively bypassing geolocation restrictions and fraud detection systems.

The malware’s capability to function even when Accessibility Services permissions are denied underscores its sophistication and the intentional monetization strategies deployed by its operators. This aspect of Mirax makes it a formidable threat to financial institutions and other entities reliant on IP-based security checks.

To mitigate the risk of infection, Android users are strongly advised to avoid downloading apps from unofficial sources and to periodically audit app permissions, particularly those related to Accessibility Services. Staying vigilant and informed is crucial in detecting and preventing significant damage from such sophisticated threats.

For more updates, follow us on Google News, LinkedIn, and X, and set CSN as your preferred source on Google.

Cyber Security News Tags:accessibility services, Android malware, banking trojan, Cleafy, Cybercrime, Cybersecurity, GitHub, IP address, malware-as-a-service, Mirax, mobile security, mobile threats, Phishing, residential proxy, social engineering

Post navigation

Previous Post: Google Enhances Pixel Security with Rust DNS Parser
Next Post: AI Scam Targets Google Discover with Fake News

Related Posts

Critical SonicWall SSL VPN Vulnerability Let Attackers Trigger DoS Attack Critical SonicWall SSL VPN Vulnerability Let Attackers Trigger DoS Attack Cyber Security News
Enhancing Nmap Efficiency with nmapUnleashed Enhancing Nmap Efficiency with nmapUnleashed Cyber Security News
Web-to-App Funnels: Pros And Cons Web-to-App Funnels: Pros And Cons Cyber Security News
US Executives Admit Guilt in Tech Support Fraud Case US Executives Admit Guilt in Tech Support Fraud Case Cyber Security News
See Cyber Threats to Your Industry and Region in Just 2 Seconds See Cyber Threats to Your Industry and Region in Just 2 Seconds Cyber Security News
Foxconn Hit by Cyberattack, Confirms Data Breach Foxconn Hit by Cyberattack, Confirms Data Breach Cyber Security News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • Qilin Ransomware Exploits Active Directory with DCSync
  • Critical Flaws in Claude for Chrome Allow Unauthorized Access
  • Old Microsoft UEFI Shims Pose Secure Boot Risk
  • July 2026 SAP Security Updates Address Critical Flaws
  • US, Allies Alert on Russian Cyber Threats to Key Infrastructure

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • Qilin Ransomware Exploits Active Directory with DCSync
  • Critical Flaws in Claude for Chrome Allow Unauthorized Access
  • Old Microsoft UEFI Shims Pose Secure Boot Risk
  • July 2026 SAP Security Updates Address Critical Flaws
  • US, Allies Alert on Russian Cyber Threats to Key Infrastructure

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark