March 10, 2026

Mirax Bot Malware Threat: Android Banking App Vulnerability Exposed Globally

Vaibhav March 8, 2026
Mirax-Bot-Malware-Threat-Android-Banking-App-Vulnerability-Exposed-Globally
Post Views: 8

New Android Banking Malware Poses Global Threat to Mobile Users

A recently discovered Android banking trojan, known as Mirax Bot, has been making waves in the cybercrime underworld, sparking concerns among mobile users and financial institutions worldwide. This malware is specifically designed to facilitate financial fraud and bank account takeovers, and its emergence has significant implications for the security of mobile banking.

Mirax Bot’s Malware-as-a-Service (MaaS) Model

Mirax Bot is being marketed through a Malware-as-a-Service (MaaS) model, which allows cybercriminals to rent the tool and conduct large-scale fraud operations without requiring advanced technical expertise. This model has made it possible for even low-level criminals to launch sophisticated malware campaigns targeting Android devices globally.

Features and Capabilities

The malware is being advertised on ExploitForum, a notorious underground marketplace where hacking tools, stolen data, and fraud services are frequently traded. According to reports, Mirax Bot supports over 700 application injects, enabling attackers to target hundreds of banking, cryptocurrency wallet, and payment applications.

One of the most alarming features of Mirax Bot is its use of Hidden Virtual Network Computing (HVNC) technology, which allows cybercriminals to remotely control an infected Android device without the user’s knowledge. This capability enables attackers to secretly open banking apps, authorize transactions, transfer funds, and extract sensitive information through a hidden parallel session, all while the device owner remains unaware of the malicious activity.

Additional Features and Pricing

The malware can also display convincing fake overlays that mimic legitimate app interfaces, tricking users into entering sensitive details such as login credentials, card information, and one-time passwords (OTP). Mirax Bot is being offered in multiple rental packages, with a 30-day “Light Package” costing around $1,750 and a 14-day package costing approximately $1,000. An additional tool called an APK Loader, which helps distribute and install the malicious app on victims’ devices, is being offered as an add-on for about $500.

Detection and Warning

Cybersecurity researchers from KrakenLabs first detected the advertisement for Mirax Bot on March 5, 2026, after tracking its promotion across underground cybercriminal platforms. Another concerning feature of Mirax Bot is its ability to turn an infected device into a residential proxy. This allows attackers to route their malicious traffic through the victim’s own internet connection, making it appear as though fraudulent banking activity is originating from the victim’s device and IP address.

Experts warn that this technique can significantly weaken traditional banking fraud detection systems, which often rely on IP address monitoring and device recognition to identify suspicious activity. As a result, cybersecurity specialists are advising Android users to adopt strict safety practices to protect themselves from this emerging threat.

Expert Advice

According to Prof. Triveni Singh, a renowned cybercrime expert and former IPS officer, the rapid growth of mobile banking has made Android devices a prime target for cybercriminals. To stay safe, users are advised to exercise caution when downloading apps, keep their devices and apps up to date, and be wary of suspicious activity on their accounts.



About Author

Vaibhav

See author's posts

More Stories

Russian-Hackers-Target-Signal-and-WhatsApp-with-Fake-Bots-Stealing-Verification-Codes

Russian Hackers Target Signal and WhatsApp with Fake Bots Stealing Verification Codes

Vaibhav March 10, 2026
Retired-Commissioner-and-Teacher-Fall-Prey-to-1-94-Crore-Trading-and-Policy-Claim-Scamdata

Retired Commissioner and Teacher Fall Prey to ₹1.94 Crore Trading and Policy Claim Scam

Vaibhav March 7, 2026
Iran-Linked-APT-Group-Deploys-Sophisticated-Backdoors-to-Compromise-US-Critical-Infrastructuredata

Iran-Linked APT Group Deploys Sophisticated Backdoors to Compromise US Critical Infrastructure

Vaibhav March 6, 2026

Latest Cyber Security News

Runtime-Governance-and-Visibility-for-AI-Agents-with-Singulr-AI-s-Agent-Pulse

Runtime Governance and Visibility for AI Agents with Singulr AI’s Agent Pulse

Vaibhav March 10, 2026
OneTrust-Enhances-AI-Governance-with-Real-Time-Monitoring-and-Guardrail-Enforcement

OneTrust Enhances AI Governance with Real-Time Monitoring and Guardrail Enforcement

Vaibhav March 10, 2026
Ericsson-Employee-and-Customer-Data-Exposed-in-Cybersecurity-Breach

Ericsson Employee and Customer Data Exposed in Cybersecurity Breach

Vaibhav March 10, 2026
Cylake-Secures-45-Million-to-Protect-Organizations-from-Cloud-Security-Barriers

Cylake Secures $45 Million to Protect Organizations from Cloud Security Barriers

Vaibhav March 10, 2026
Mitigating-Supply-Chain-Risks-Space-Threats-and-AI-Limitations-Insights-from-Airbus-Chief-Security-Officer

Mitigating Supply Chain Risks, Space Threats, and AI Limitations: Insights from Airbus’ Chief Security Officer

Vaibhav March 10, 2026
en_USEnglish
en_USEnglish