A newly discovered Android remote access trojan named Mirax has been leveraging Meta's advertising platforms to compromise user devices across Spanish-speaking regions. Security researchers have identified coordinated campaigns on Facebook, Instagram, Messenger, and Threads that successfully reached over 220,000 accounts, demonstrating the malware's sophisticated distribution strategy.
Mirax operates as a fully-functional remote access trojan, granting threat actors comprehensive control over compromised Android devices. Once installed, the malware enables attackers to execute commands, monitor user activity, and manipulate device functions remotely. The trojan's capabilities extend beyond typical mobile malware, as it transforms infected devices into SOCKS5 proxies—effectively converting them into intermediary servers that route internet traffic and mask attackers' identities.
The use of Meta's advertising infrastructure represents a significant shift in malware distribution tactics. By leveraging legitimate advertising channels, threat actors bypassed traditional security measures and reached a massive user base through sponsored content. The campaigns specifically targeted Spanish-speaking demographics, suggesting a geographically focused operation rather than indiscriminate distribution.
SOCKS5 proxy functionality adds a critical dimension to Mirax's threat profile. By converting compromised devices into proxy servers, attackers gain access to a distributed network infrastructure for conducting further cybercrimes, obfuscating their activities, or launching coordinated attacks. This capability makes Mirax particularly valuable to threat actors seeking to maintain operational anonymity.
The discovery underscores growing vulnerabilities in mobile security ecosystems and the effectiveness of social engineering through trusted advertising platforms. Users in affected regions should scrutinize application sources and review device permissions carefully. Security analysts recommend keeping Android systems updated with the latest patches and installing reputable mobile security solutions to detect and prevent RAT infections.