Mirax Android banking trojan with residential proxy nodes
Malware Activity
Summary
Hide ▲
Show ▼
Mirax is spreading across Europe with remote access and residential proxy features, increasing the risk of device compromise, data theft, and traffic abuse. The Android banking trojan is reaching Spanish-speaking users through social media ads and fake IPTV or streaming apps. It can execute commands, deploy fake overlays, and collect credentials through continuous keylogging and lock-screen surveillance. By turning infected phones into proxy nodes, it can route malicious traffic through legitimate IP addresses and evade fraud controls.
Related Happenings
Rokarolla Android banking trojan activity
Malware Activity
H score26
First: 16.06.2026 16:15
Last: 16.06.2026 16:15
Sources 1
About this happening:
The **Rokarolla** **Android banking trojan** is expanding phone-level control on infected devices, letting attackers steal credentials, intercept authentication codes, and hide fr...
Rokarolla Android banking trojan activity
Malware ActivityAbout this happening: The **Rokarolla** **Android banking trojan** is expanding phone-level control on infected devices, letting attackers steal credentials, intercept authentication codes, and hide fr...
WeedHack Minecraft MaaS campaign expands with malicious JARs and remote access
Malware Activity
H score65
First: 03.06.2026 00:54
Last: 03.06.2026 00:54
Sources 1
About this happening:
**WeedHack** is a **Minecraft-focused malware-as-a-service** operation that has been active since **January 2026** and uses **SEO poisoning** and **YouTube** to push malicious dow...
WeedHack Minecraft MaaS campaign expands with malicious JARs and remote access
Malware ActivityAbout this happening: **WeedHack** is a **Minecraft-focused malware-as-a-service** operation that has been active since **January 2026** and uses **SEO poisoning** and **YouTube** to push malicious dow...
WeedHack YouTube and SEO poisoning campaign targeting Minecraft players
Campaign
H score73
First: 03.06.2026 00:54
Last: 03.06.2026 00:54
Sources 1
About this happening:
**WeedHack** is a **Minecraft-focused malware-as-a-service (MaaS)** campaign that uses **YouTube** and **SEO poisoning** to push malicious **mods, clients, cheats, and utilities**...
WeedHack YouTube and SEO poisoning campaign targeting Minecraft players
CampaignAbout this happening: **WeedHack** is a **Minecraft-focused malware-as-a-service (MaaS)** campaign that uses **YouTube** and **SEO poisoning** to push malicious **mods, clients, cheats, and utilities**...
FBI public service announcement on fake FIFA websites
Public Sector Action
H score21
First: 28.05.2026 22:08
Last: 28.05.2026 22:08
Sources 1
About this happening:
The **FBI** and security researchers warn that **FIFA-themed fraud** is already targeting **World Cup 2026** fans ahead of the **June 11 kickoff**. Reported activity includes **mo...
FBI public service announcement on fake FIFA websites
Public Sector ActionAbout this happening: The **FBI** and security researchers warn that **FIFA-themed fraud** is already targeting **World Cup 2026** fans ahead of the **June 11 kickoff**. Reported activity includes **mo...
JINX-0164 cryptocurrency recruitment-lure campaign
Campaign
H score39
First: 28.05.2026 10:54
Last: 28.05.2026 10:54
Sources 1
About this happening:
A **JINX-0164** campaign is targeting **cryptocurrency firms** and developers with **LinkedIn recruiter lures**, a fake meeting-and-fix workflow, and **macOS malware** to steal cr...
JINX-0164 cryptocurrency recruitment-lure campaign
CampaignAbout this happening: A **JINX-0164** campaign is targeting **cryptocurrency firms** and developers with **LinkedIn recruiter lures**, a fake meeting-and-fix workflow, and **macOS malware** to steal cr...
Timeline
-
13.04.2026 17:30 2 articles · 2mo ago
Mirax Android banking trojan spreads across Europe
Initial DisclosureMirax, a newly identified Android banking trojan, is spreading across Europe and targeting Spanish-speaking users through social media advertisements that promote fake IPTV or streaming apps. The malware operates under a restricted Malware-as-a-Service (MaaS) model, can take real-time control of infected devices, execute commands, deploy dynamically fetched fake overlays, establish communication through WebSockets, run continuous keylogging, collect lock screen details such as PIN structure and biometric usage, and convert compromised phones into residential proxy nodes for traffic routing and fraud evasion. Campaigns have reached more than 200,000 accounts.
Show sources
- Mirax Android Trojan Turns Devices Into Residential Proxy Nodes — www.infosecurity-magazine.com — 13.04.2026 17:30
- Mirax Android Trojan Turns Devices Into Residential Proxy Nodes — www.infosecurity-magazine.com — 13.04.2026 17:30