Mirax Bot is an Android malware-as-a-service platform that uses fake overlay injections on banking apps to steal credentials and one-time passcodes, and combines them with hidden VNC (HVNC) remote device control to authorize fraudulent transactions.
A newly identified Android banking malware known as Mirax Bot is being promoted in underground cybercrime forums as a malware-as-a-service platform designed to facilitate financial fraud. The malware supports hundreds of banking and payment application “injects,” enabling attackers to display convincing fake overlays and capture credentials and one-time passcodes. It also uses hidden virtual network computing (HVNC) to remotely control infected devices without the user noticing, allowing attackers to open banking apps and authorize transactions silently. Infected devices can also be turned into residential proxies for additional malicious activity.