--[ Anomalía #6 - LLMs and digital security: between noise and real advantage ]--

–[ Anomalía #6 - LLMs and digital security: between noise and real advantage ]–

  In the last week we have seen an explosion of new vulnerabilities reported in software of all types, driven in part by the joint work between humans and LLMs. Something similar happened when fuzzers became popular in the early 2000s: the speed of finding flaws increased and the time between discovering a vulnerability and developing a working proof of concept decreased. Today that cycle seems to repeat itself, now assisted by language models.

Offensive and defensive practices in digital security are already being affected by these tools. Not only in vulnerability research, but also in automated recognition, analysis of large volumes of data, generation of exploits, malware detection, threat intelligence monitoring and production of reports. Many previously slow or repetitive tasks can now be solved in minutes.

But along with the real possibilities also comes a new layer of marketing. Mythos, Anthropic’s new model, was presented as “too dangerous to be released publicly” for its supposed ability to find and exploit vulnerabilities. The narrative is not new: the AI industry also lives on expectation.

Although for now Mythos is only available to large corporations, under the idea of containing their most “risky” capabilities, it does seem clear that LLMs can accelerate useful work in security. Code auditing, configuration review, crash dump analysis, reading logs or quickly understanding complex code bases are tasks where they already offer tangible advantages.

In the talk Black Hat LLMs by Nicholas Carlini, presented at Unprompted 2026, the discovery of an old bug in FreeBSD that had not been attended to for decades was shown. The example was used as an example of the power of Mythos, although the vulnerability in question seemed closer to an exploitable null pointer reference such as a denial of service than to a digital catastrophe. Still, the demonstration was useful for another reason: it showed that models can already participate in real flows of technical analysis.

Vulnerabilities, moreover, are only part of the picture. In this edition we include the Gambit Security technical report on the exfiltration operation suffered by several Mexican government entities between December 2025 and February 2026. The report describes how attackers used Claude and ChatGPT as interactive agents for reconnaissance, discovery prioritization, code generation, privilege escalation, and persistence, all within a relatively orderly flow of operation. It also documents successful attempts to evade restrictions imposed by the models themselves.

In previous editions of Anomaly we also reviewed Android malware campaigns that incorporate AI to interpret screens, decide actions in real time and automate fraud or persistence. It’s already happening.

Threat intelligence is not far behind either. Tools like Clawdint show how LLM-assisted agents can automate tasks that many teams still do manually: indicator pivoting, data enrichment, clustering, and initial report writing.

At Zoque we use LLMs as force multipliers. Mainly for internal reports, quick scripts, repetitive tasks and sometimes log analysis or memory dumps. There is still much to explore, especially from our context: digital security aimed at civil society.

We do not believe that LLMs are going to replace those who work in security. We do believe that they are already tools capable of reducing time, expanding scope and changing the way in which research, defense and attacks are carried out. The sensible thing is not to fear them or idealize them: it is to understand and use them better.

–[ Research and tools ]–

Telegram networks for the exchange, sale and exhibition of non-consensual intimate images

Research maps networks organized in Europe that operate via Telegram channels and groups dedicated to the circulation of intimate content shared without consent, including child sexual abuse material. Spaces where digital gender harassment and violence practices against women are organized, often identified, named and exposed directly on the channels themselves.

The activity is sustained through access and payment schemes, validation between users and cross-border circulation, connecting with other platforms (TikTok, Instagram, Reddit) as entry and redistribution points. In these same spaces offers circulate for hacking and surveillance —access to accounts, gallery extraction, couple monitoring— that expand the collection of material and reinforce the cycle between intrusion, exposure and harassment.

–[Surveillance and targeted attacks ]–

MENA — spearphishing against civil society with sustained infrastructure and spyware deployment

Sustained campaigns between 2023 and 2025 against journalists, opponents and civil society actors, through false profiles and impersonation of services to compromise personal and professional accounts. Cases in Lebanon show effective compromises with credential interception and real-time 2FA.

The activity relies on a persistent phishing infrastructure with hundreds of domains and subdomains designed to mimic services such as Signal, iCloud, Zoom, and mail platforms, repurposed between campaigns.

The attacks combine credential theft with distribution of malicious Android applications (ProSpy), capable of exfiltrating contacts, messages and files, and operating through remote commands. The operation is linked to a hack-for-hire model with possible connections to BITTER APT, with signs of expansion in other regions such as LATAM.

–[ Infrastructure and operations ]–

Mexico — intrusion into AI-assisted government infrastructure

One operator committed multiple Mexican government entities and accessed large volumes of citizenship data, using commercial platforms such as Claude Code and GPT-4.1 as a direct part of the operational flow.

Forensic research shows sustained use of prompts, custom scripts, and automation to execute commands on compromised infrastructure, generate exploits, and process data extracted from hundreds of servers. Part of the remote execution was generated directly from these systems. The recovered materials include attack scripts, exploits targeting multiple vulnerabilities, and thousands of AI-generated commands executed on real systems.

–[Malware and campaigns ]–

LATAM — JanelaRAT targeting banking and financial services

Active campaigns in Brazil, Mexico and other countries in the region distribute JanelaRAT, a Trojan aimed at stealing financial data, with continuous user and system monitoring. The malware identifies when the victim interacts with financial services and activates specific actions: credential capture, screenshots and real-time session manipulation, maintaining persistent access through the browser. Infections are distributed via phishing and multi-stage strings that incorporate side-loading DLLs and browser extensions to collect activity, cookies and history. It includes remote control, simulation of inputs and superimposition of false interfaces to evade detection and intervene in active sessions.

Android — Mirax RAT converts devices into residential proxy nodes

Mirax, a new Trojan for Android distributed as MaaS, combines remote access capabilities with the ability to reuse infected devices as residential proxy nodes, routing traffic through legitimate IPs. The malware allows full device control, activity monitoring and data exfiltration, incorporating dynamic overlays to capture credentials and manipulate applications in real time.

Infections are distributed through campaigns that use ads on platforms like Meta and legitimate repositories to host droppers, reaching hundreds of thousands of accounts. Proxy integration within the RAT extends the use of compromised devices beyond direct fraud, enabling their use as infrastructure for other operations.

–[Leaks and accesses ]–

Argentina — possible leak in a medium linked to the air force

Reports indicate an incident in a media associated with the Argentine Air Force, with exposure of data and internal information. A possible relationship with the actor Chronus Team is mentioned, which has already appeared in previous snapshots of Exfiltradaz and in previous editions of Anomalía in the context of accesses and leaks in Latin America.

–[ ZOLIM - This week’s snapshot (04/17/2026) ]–

  For this week, ZOLIM incorporates 15 new IPs, reflecting the appearance of new command and control servers in several countries in the region.

They stand out:

• New instances of Metasploit detected in Colombia and Brazil.
• A new Havoc server in Peru, in the middle of the electoral context.
• The reuse pattern of residential IPs of the ISP Tigo Colombia (Colombia Telecomunicaciones / Colombia Móvil) is confirmed to alternate between DCRat and AsyncRAT on the Colombian coast. This infrastructure has previously been associated with Blind Eagle (APT-C-36).
• Argentina joins the wave of Quasar RAT with a new instance in Buenos Aires, hosted on a residential IP.

You can consult all the information and explore by country, IP, city, threat and other filters in the ZOLIM. dashboard

–[ Exfiltradaz - Snapshot from 03/24/2026 to 04/14/2026 ]–

  During this period, 41 references to leaks are recorded in 10 countries, Brazil and Colombia concentrate the greatest activity, but with different roles: Brazil as volume of credentials in circulation, Colombia less frequently but presence of financial data and public entities. The activity is distributed in open forums (niflheim, xforums, darkweb), with constant circulation of combos and accesses rather than unique high-impact leaks.

For now there are no dominant actors: the activity appears fragmented among multiple users, with the incorporation of new countries -El Salvador, Uruguay- in the period.

More details and complete records at Exfiltradaz.