MIRAX malware is spreading heavily on Android.
MIRAX malware on Android is spreading heavily via fake ads. Over two hundred thousand cases have been found.
Malware and the Android operating system could be called a pair, one rarely seen without the other. Detecting malware that attacks this system is normal, but that is no reason to be complacent, because the complacent can become one of the many victims in this news.
According to a report by the website Security Affairs, a new remote access trojan (RAT) called MIRAX has been detected. This malware targets Android users and focuses its attacks on a group of Spanish users. Victims are reached through fake ads placed on the popular social media platforms Facebook and Instagram. The ads claim to offer an application such as a pirated streaming app or an app for watching football for free. If the victim clicks an ad, even accidentally, the ad leads to a fake website that is very well protected against inspection: the site can only be accessed from a mobile phone, which prevents monitoring teams, who often work from computers, from reaching the fake site by normal means.
The website persuades the victim to download and install the fake application themselves through an APK installation file, a method known as sideloading. The file is hosted on GitHub, and it is repacked often to evade detection systems. Once the victim has installed the fake application on the device, it acts as a dropper: it releases the embedded malware file (payload), an encrypted .dex file that is decrypted with the RC4 algorithm. The second payload then unpacks the final payload, an XOR-encrypted APK file hidden within the malware, and installs it.
Once the malware is fully embedded on the device, the malware, disguised as a video app, requests access to Accessibility mode (the assistance mode for users with disabilities) to gain complete access to the device. After taking control of the device, it uses an overlay screen to steal passwords (overlay attack). In addition to this method, the malware can steal data and control the device in many ways: taking over the screen to capture it secretly, stealing files on the device, and taking control of applications (App Manager). Data is sent to a command and control (C2) server via WebSocket. One capability that goes beyond other malware of the same kind is the ability to turn the victim's device into a SOCKS5 residential proxy, so that hackers can use the victim's IP address in cyberterrorism.
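As an added example (not part of the original post or of the cited report), here is a static triage check a reviewer could run on the decoded AndroidManifest.xml of a sideloaded APK. It flags the combination described above: an accessibility service together with overlay or package-install rights. The sample manifest, the package and service names, the permission list and the scoring rule are all constructed assumptions for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
ACCESSIBILITY = "android.permission.BIND_ACCESSIBILITY_SERVICE"
# Permissions matching behaviours the post describes (assumed, non-exhaustive list).
RISKY_PERMISSIONS = {
    "android.permission.SYSTEM_ALERT_WINDOW": "can draw overlay screens",
    "android.permission.REQUEST_INSTALL_PACKAGES": "can install further APKs",
}

# Constructed sample: decoded manifest of a hypothetical fake video app.
SAMPLE_FAKE_PLAYER = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.freestream">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
  <application android:label="Free Stream">
    <service android:name=".PlayerHelper"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
  </application>
</manifest>"""

def triage(manifest_xml):
    """Return (findings, suspicious) for a decoded AndroidManifest.xml string."""
    root = ET.fromstring(manifest_xml)
    findings = []
    for perm in root.iter("uses-permission"):
        name = perm.get(ANDROID + "name", "")
        if name in RISKY_PERMISSIONS:
            findings.append(f"{name}: {RISKY_PERMISSIONS[name]}")
    has_accessibility = False
    for svc in root.iter("service"):
        if svc.get(ANDROID + "permission") == ACCESSIBILITY:
            has_accessibility = True
            findings.append(f"{svc.get(ANDROID + 'name')}: accessibility service")
    # An accessibility service alone is common in legitimate apps; paired with
    # overlay or installer rights in a "video player" it merits manual review.
    suspicious = has_accessibility and len(findings) > 1
    return findings, suspicious

if __name__ == "__main__":
    findings, suspicious = triage(SAMPLE_FAKE_PLAYER)
    print("needs review" if suspicious else "no match")
    for line in findings:
        print(" -", line)
```

The manifest inside an APK is stored in a binary XML format, so it has to be decoded to text (for example with apktool) before this check can read it.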