Find notable cyber news and cases, enriched with sources, timelines, and signals.

Mirax Android banking trojan with residential proxy nodes

Malware Activity
First reported
Last updated
Happening score
H score 37
1 unique sources, 1 articles

Summary

Hide ▲

Mirax is spreading across Europe with remote access and residential proxy features, increasing the risk of device compromise, data theft, and traffic abuse. The Android banking trojan is reaching Spanish-speaking users through social media ads and fake IPTV or streaming apps. It can execute commands, deploy fake overlays, and collect credentials through continuous keylogging and lock-screen surveillance. By turning infected phones into proxy nodes, it can route malicious traffic through legitimate IP addresses and evade fraud controls.

Related Happenings

Rokarolla Android banking trojan activity

Malware Activity
H score26 First: 16.06.2026 16:15 Last: 16.06.2026 16:15 Sources 1

About this happening: The **Rokarolla** **Android banking trojan** is expanding phone-level control on infected devices, letting attackers steal credentials, intercept authentication codes, and hide fr...

WeedHack Minecraft MaaS campaign expands with malicious JARs and remote access

Malware Activity
H score65 First: 03.06.2026 00:54 Last: 03.06.2026 00:54 Sources 1

About this happening: **WeedHack** is a **Minecraft-focused malware-as-a-service** operation that has been active since **January 2026** and uses **SEO poisoning** and **YouTube** to push malicious dow...

WeedHack YouTube and SEO poisoning campaign targeting Minecraft players

Campaign
H score73 First: 03.06.2026 00:54 Last: 03.06.2026 00:54 Sources 1

About this happening: **WeedHack** is a **Minecraft-focused malware-as-a-service (MaaS)** campaign that uses **YouTube** and **SEO poisoning** to push malicious **mods, clients, cheats, and utilities**...

FBI public service announcement on fake FIFA websites

Public Sector Action
H score21 First: 28.05.2026 22:08 Last: 28.05.2026 22:08 Sources 1

About this happening: The **FBI** and security researchers warn that **FIFA-themed fraud** is already targeting **World Cup 2026** fans ahead of the **June 11 kickoff**. Reported activity includes **mo...

JINX-0164 cryptocurrency recruitment-lure campaign

Campaign
H score39 First: 28.05.2026 10:54 Last: 28.05.2026 10:54 Sources 1

About this happening: A **JINX-0164** campaign is targeting **cryptocurrency firms** and developers with **LinkedIn recruiter lures**, a fake meeting-and-fix workflow, and **macOS malware** to steal cr...

Timeline

  1. 13.04.2026 17:30 2 articles · 2mo ago

    Mirax Android banking trojan spreads across Europe

    Initial Disclosure

    Mirax, a newly identified Android banking trojan, is spreading across Europe and targeting Spanish-speaking users through social media advertisements that promote fake IPTV or streaming apps. The malware operates under a restricted Malware-as-a-Service (MaaS) model, can take real-time control of infected devices, execute commands, deploy dynamically fetched fake overlays, establish communication through WebSockets, run continuous keylogging, collect lock screen details such as PIN structure and biometric usage, and convert compromised phones into residential proxy nodes for traffic routing and fraud evasion. Campaigns have reached more than 200,000 accounts.

    Show sources