
Canary Trap’s Bi-Weekly Cyber Roundup

Welcome to Canary Trap’s Bi-Weekly Cyber Roundup. Our mission is to keep you informed with the most pressing developments in the world of cybersecurity. This digest serves as your gateway to critical updates and emerging threats across the industry.

This week’s roundup highlights how quickly the threat landscape is shifting across both regions and technologies. We look at why Latin America is now being labeled the highest-risk region for cyberattacks, how exposed LLM endpoints are being abused in the unusual “Bizarre Bazaar” operation, and a renewed government-focused campaign by Mustang Panda using an updated COOLCLIENT backdoor. On the consumer side, we cover Phantom malware hidden in modified Android games that turns devices into ad-fraud tools, and Google’s warning about active exploitation of the critical WinRAR vulnerability CVE-2025-8088.

  • Surging Cyberattacks Boost Latin America to Riskiest Region

Latin America and the Caribbean have become one of the most heavily targeted regions in the global cyber threat landscape, with attack volumes now outpacing most other geographies. Recent threat intelligence shows organizations in the region facing thousands of attempted cyber incidents each week, well above the global average. Information disclosure, remote code execution attempts, and authentication bypass are among the most common techniques observed, with ransomware also maintaining a steady foothold.

Security researchers attribute the rise to several converging factors. Data-theft extortion models are expanding, credential-stealing campaigns are accelerating, and attackers are increasingly targeting internet-facing and edge infrastructure. The growing use of AI by threat actors is also amplifying the scale and speed of operations. Sectors such as healthcare and manufacturing are expected to remain high-priority targets due to operational sensitivity and often uneven security maturity.

Country-level targeting varies by dataset, but larger digital economies with strong international business ties consistently draw attention from financially motivated groups and initial access brokers. These actors frequently trade stolen credentials and footholds in regional underground forums, streamlining repeatable intrusion pathways. A surge in credential-based compromises suggests identity security remains a key weak point across many environments.

At the same time, geopolitical dynamics are shaping the threat picture. China-linked espionage activity in Latin America has grown, particularly against government, telecom, and defense-related entities. While state-backed operations occur less frequently than criminal campaigns, they carry strategic weight and reflect the region’s increasing importance in global power competition.

Rapid digital transformation is another double-edged sword. Expanding cloud adoption, modernization initiatives, and greater connectivity across industries are improving efficiency but also widening the attack surface. Manufacturing, financial services, and public-sector systems often hold valuable data and critical operations, yet may lack mature detection and response capabilities.

AI adoption introduces additional exposure. Many organizations using generative AI tools have been observed submitting prompts that include sensitive or potentially sensitive data, raising concerns about data leakage and governance gaps. As AI becomes more embedded in workflows, enforcing clear usage policies and monitoring for risky interactions will be essential.

Overall, Latin America has shifted from a secondary theater to a primary focus for both cybercriminal groups and sophisticated state-aligned actors. Strengthening ransomware resilience, tightening identity and access controls, securing edge devices, and implementing robust AI governance are emerging as priority areas for organizations seeking to reduce operational and data risk in an increasingly hostile environment.

  • Hackers Hijacked Exposed LLM Endpoints in Bizarre Bazaar Operation

Security researchers are tracking an emerging criminal operation focused on hijacking poorly secured AI infrastructure, marking one of the clearest examples so far of organized “LLMjacking” activity.

Over a 40-day observation window, Pillar Security recorded more than 35,000 intrusion attempts against its honeypot LLM environments. The activity exposed a structured campaign, dubbed “Bizarre Bazaar”, that systematically hunts for exposed or weakly protected large language model (LLM) endpoints and turns that access into revenue.

Rather than exploiting flaws in model code, the operators concentrate on misconfigured deployments and unauthenticated services. Once inside, they pursue several monetization paths:

  • Abusing GPU/compute resources for tasks such as cryptocurrency mining.
  • Reselling stolen API access through underground channels.
  • Harvesting sensitive data from prompts and chat histories.
  • Attempting lateral movement into internal systems via exposed Model Context Protocol (MCP) services.

Because LLM inference is resource-intensive and often tied to sensitive enterprise workflows, compromised endpoints can generate direct financial losses and create high-value footholds inside corporate environments.

The campaign primarily targets: self-hosted LLM deployments, publicly reachable AI APIs without proper authentication, internet-exposed MCP servers, and development or staging AI systems with public IP addresses.

Researchers observed repeated exploitation of common misconfigurations, including open Ollama services (port 11434), OpenAI-compatible APIs (port 8000), and unsecured production chat interfaces. In many cases, probing began within hours of systems appearing in internet-wide scan engines such as Shodan or Censys.

Pillar’s analysis suggests the operation involves multiple coordinated roles: discovery actors that automate large-scale scanning for exposed LLM and MCP services, access validators that confirm exploitation paths and test usability, and resellers who commercialize access via an online service known as SilverInc, promoted on Telegram and Discord.

In parallel, investigators are tracking a related wave of reconnaissance targeting MCP endpoints specifically. These systems can expose deeper integration points with Kubernetes clusters, cloud resources, and shell-level capabilities, potentially enabling far more damaging post-compromise activity than simple resource theft.

While not definitively tied to Bizarre Bazaar, the overlap in targeting suggests a growing focus among threat actors on AI control planes as entry points into enterprise environments. This underscores a shift in attacker economics: AI infrastructure is becoming both a direct revenue source and a strategic pivot point. Unlike traditional API abuse, compromised LLM services combine high operational costs, access to proprietary data flows, and potential pathways into broader cloud and containerized environments.

As organizations accelerate AI adoption, basic security hygiene (authentication, network segmentation, exposure management, and monitoring of AI-specific services) has become critical to preventing their models from being quietly folded into someone else’s business model.
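As an added example (not code from Pillar Security or from the sources this roundup summarizes), the following Python sketch audits hosts you administer for the two misconfigurations named above: an Ollama service on port 11434 and an OpenAI-compatible API on port 8000 that answer a model-listing request without credentials. The function names, verdict labels and the sample address are assumptions made for illustration.

```python
import json
import urllib.error
import urllib.request

# Read-only model-listing paths for the two service types named in the article.
PROBES = {
    11434: "/api/tags",   # Ollama: lists installed models
    8000: "/v1/models",   # OpenAI-compatible servers: lists served models
}

def http_get(url, timeout=3):
    """Send a GET with no credentials; return (status, body)."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read(65536)
    except urllib.error.HTTPError as err:
        return err.code, b""
    except (urllib.error.URLError, OSError):
        return None, b""   # closed, filtered or unreachable

def classify(status, body):
    """Map an anonymous response to an exposure verdict."""
    if status is None:
        return "unreachable"
    if status in (401, 403):
        return "auth-required"
    if status == 200:
        try:
            data = json.loads(body)
        except ValueError:
            return "open-other"   # something answers, but not a model list
        if isinstance(data, dict) and ("models" in data or "data" in data):
            return "EXPOSED"      # model inventory readable by anyone
        return "open-other"
    return f"http-{status}"

def audit(hosts, fetch=http_get):
    """Probe each host on both ports; return (host, port, verdict) tuples."""
    results = []
    for host in hosts:
        for port, path in PROBES.items():
            status, body = fetch(f"http://{host}:{port}{path}")
            results.append((host, port, classify(status, body)))
    return results

if __name__ == "__main__":
    # Constructed inventory: replace with addresses you own and administer.
    for host, port, verdict in audit(["127.0.0.1"]):
        print(f"{host}:{port} {verdict}")
```

Any `EXPOSED` verdict on a publicly routable address means the service should be moved behind authentication or off the public interface before it appears in internet-wide scan results.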

  • Mustang Panda Deploys Updated COOLCLIENT Backdoor in Government Cyber Attacks

A China-linked threat group commonly tracked as Mustang Panda has been observed using an updated build of its COOLCLIENT backdoor in recent espionage operations, significantly expanding its data collection capabilities on compromised systems.

Recent investigations show the group targeting government organizations across parts of Asia and Eastern Europe, with intrusions frequently involving multiple tools rather than a single malware family. COOLCLIENT is typically deployed as a secondary payload alongside other well-known Mustang Panda toolsets such as PlugX and LuminousMoth, indicating a layered post-compromise strategy.

The operators continue to rely heavily on DLL side-loading to run their malware under the guise of legitimate software. In these attacks, a signed and trusted executable is abused to load a malicious DLL, helping the activity blend into normal system operations. Over several years, the group has repurposed binaries from widely used applications, and more recent campaigns have leveraged software associated with Sangfor appliances to stage infections. Some of the latest variants have even been seen deploying a previously undocumented rootkit, suggesting an effort to deepen persistence and evade detection.

COOLCLIENT itself is not delivered as a simple standalone implant. Instead, it arrives through encrypted loaders containing configuration data, shellcode, and in-memory modules, complicating static analysis and signature-based detection.

Functionally, COOLCLIENT goes well beyond basic file theft. The backdoor supports extensive host surveillance and remote control, including:

  • Keylogging and clipboard monitoring.
  • File system enumeration and exfiltration.
  • Remote shell access.
  • Service management on the host.
  • Proxy and network credential harvesting.
  • In-memory execution of additional plugins.

The malware communicates with its command-and-control infrastructure over TCP and can establish reverse tunnels or proxy channels, giving operators flexible access paths into victim networks.

In parallel with COOLCLIENT, the group has deployed multiple credential-stealing tools aimed at Chromium-based browsers and, in at least one observed case, exfiltrated Firefox cookie databases to cloud storage. These tools appear to support broader post-exploitation objectives, including lateral movement and account takeover.

Other malware families associated with the same activity clusters include TONESHELL for persistence and payload delivery, QReverse for remote access and reconnaissance, and a USB-propagating component known as TONEDISK. Code similarities between some of these tools and malware attributed to other China-linked clusters point to possible tooling overlap or shared development resources.

Taken together, these campaigns suggest an evolution in operational priorities. While document theft remains a core objective, the tooling now emphasizes continuous monitoring of user activity, capturing keystrokes, clipboard data, and authentication material in real time. This level of surveillance provides attackers with both intelligence value and the means to expand access inside targeted environments.

For defenders, the activity reinforces the need to monitor for DLL side-loading abuse, anomalous use of signed binaries, and unusual child processes tied to legitimate applications, especially in environments where sensitive government or policy-related data is handled.

  • Phantom Malware in Android Game Mods Hijacks Devices for Ad Fraud

A newly observed Android malware campaign is turning modified mobile games into quiet engines for large-scale ad fraud, effectively hijacking infected devices while staying invisible to users.

Researchers at Doctor Web have identified the threat as part of the Android.Phantom malware family. It is being distributed through trojanized versions of popular Android games shared via unofficial app stores and third-party download sites. Several titles that were previously legitimate were later updated with malicious code after being republished by the same developer account, indicating a supply-chain style compromise rather than obviously fake apps from the outset.

Once a tainted app is installed, the malware runs alongside the game with no clear warning signs. From the user’s perspective, the app behaves normally, which helps the infection persist unnoticed.

Android.Phantom functions under remote command and can switch between two primary modes:

  • Ad-fraud automation (“phantom” mode). The malware silently launches a hidden web component that loads attacker-controlled pages. It then retrieves scripts and a machine-learning model designed to simulate realistic user behavior: scrolling, waiting, and clicking on ads in a way that mimics human interaction. This allows fraud operations to evade basic bot-detection systems and generate illegitimate advertising revenue at scale.
  • Remote interactive control. In a second mode, the malware uses WebRTC to establish peer-to-peer connections with attacker infrastructure. This effectively streams a virtual view of the device and allows operators to perform actions in real time (tapping, swiping, typing, and navigating apps) as if they were holding the phone themselves.

Doctor Web notes that Android.Phantom is not static. Newer versions include a dropper component that fetches additional modules from separate servers. These add more click-fraud capabilities and expand the range of targeted advertising platforms. The modular design makes the campaign flexible and harder to disrupt, as components can be swapped or updated independently.

The most concerning aspect is how little impact the malware has on visible app behavior. Infected games still launch and play as expected, while the malicious activity runs in the background. Victims may only notice indirect effects such as higher data usage, battery drain, or degraded device performance, symptoms that are easy to dismiss.

The campaign reinforces a long-standing security lesson: unofficial app sources significantly increase risk. APK download sites, modding communities, and file-sharing channels are common distribution points for repackaged apps carrying hidden payloads.

Practical defensive steps include restricting installations to trusted and official app stores, avoiding “modded” or cracked versions of paid or popular games, keeping Android and security software up to date, and monitoring devices for unusual battery, data, or performance issues.

Even though official marketplaces are not immune to abuse, the likelihood of encountering threats like Android.Phantom rises sharply outside them. For organizations with managed Android fleets, enforcing app-source controls and mobile threat defense tooling is increasingly critical as mobile ad-fraud operations grow more sophisticated.

  • Google Warns of Active Exploitation of WinRAR Vulnerability CVE-2025-8088

Google has disclosed active exploitation of a recently patched critical vulnerability in WinRAR, with activity spanning state-sponsored operators and financially motivated cybercriminal groups. The issue, tracked as CVE-2025-8088 (CVSS 8.8), was fixed in WinRAR 7.13, released July 30, 2025, but attackers continue to abuse unpatched systems in widespread campaigns.

The flaw is a path traversal vulnerability that allows malicious archives to place files in unintended directories, notably the Windows Startup folder, enabling persistence and code execution when a user logs in. By crafting specially designed archives, attackers can effectively achieve arbitrary code execution on vulnerable machines.

According to Google Threat Intelligence Group (GTIG), exploitation patterns show a consistent technique: a malicious component, often a Windows shortcut (LNK), is hidden within alternate data streams (ADS) inside a seemingly benign file in the archive. When extracted, the payload is written to a persistence location such as the Startup folder, ensuring automatic execution after reboot.

Security firm ESET, which reported the flaw, observed the dual espionage and financially driven group RomCom (also known as CIGAR/UNC4895) using the vulnerability as a zero-day as early as mid-July 2025 to deploy SnipBot (NESTPACKER). Google separately tracks the cluster behind Cuba ransomware as UNC2596, highlighting the overlap between intrusion sets and monetization-focused operations.

Multiple Russia-linked threat actors have since adopted the exploit. These include:

  • Sandworm (APT44/FROZENBARENTS), using Ukrainian-language lures alongside malicious LNK files for follow-on payload delivery.
  • Gamaredon (CARPATHIAN), targeting Ukrainian government entities with RAR archives containing HTA downloaders.
  • Turla (SUMMIT), distributing the STOCKSTAY malware suite through themes tied to Ukrainian military and drone activity.

GTIG also identified a China-based actor leveraging the same vulnerability to deploy Poison Ivy, using a batch script dropped into the Startup folder to fetch additional malware.

Beyond state-linked operations, criminal groups rapidly integrated the exploit into commodity attack chains. Observed payloads include common remote access trojans (RATs), information stealers, and Telegram bot–controlled backdoors such as AsyncRAT and XWorm. In one financially motivated campaign targeting Brazilian users, attackers delivered a malicious Chrome extension capable of injecting JavaScript into online banking sessions to harvest credentials.

Researchers assess the scale and speed of adoption as evidence of a mature underground market for exploit tooling. GTIG noted that a seller operating under the alias “zeroplayer” advertised a WinRAR exploit in the weeks leading up to public disclosure, illustrating how prebuilt capabilities lower the barrier to entry for a wide range of actors.

A separate WinRAR flaw, CVE-2025-6218 (CVSS 7.8), is also seeing exploitation attempts from groups such as GOFFEE, Bitter, and Gamaredon. Together, these cases reinforce the ongoing operational risk posed by N-day vulnerabilities in widely used client-side software and the importance of rapid patching, application control, and user awareness around archive handling.
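As an added example of an archive-handling control (not code from Google, ESET or WinRAR), the Python sketch below screens entry names from an archive listing before extraction for the traits described in this section: path traversal, NTFS alternate-data-stream syntax, and targets inside a Startup folder. It is a generic name check rather than a signature for CVE-2025-8088; the function names, reason labels, default destination and sample names are constructed for illustration.

```python
import ntpath  # Windows path rules, usable on any OS

STARTUP = "\\start menu\\programs\\startup\\"

def check_entry(name, dest=r"C:\extract"):
    """Return the reasons an archive entry name is unsafe to extract."""
    reasons = []
    name = name.replace("/", "\\")
    drive, rest = ntpath.splitdrive(name)
    if drive or rest.startswith("\\"):
        reasons.append("absolute-path")
    # A colon past the drive prefix is NTFS stream syntax (file:stream).
    if ":" in rest:
        reasons.append("alternate-data-stream")
    if ".." in rest.split("\\"):
        reasons.append("dot-dot-component")
    # Resolve the name as Windows would and confirm it stays under dest.
    target = ntpath.normcase(ntpath.normpath(ntpath.join(dest, name)))
    root = ntpath.normcase(ntpath.normpath(dest))
    if target != root and not target.startswith(root + "\\"):
        reasons.append("escapes-destination")
    if STARTUP in target:
        reasons.append("startup-folder")
    return reasons

def scan(names, dest=r"C:\extract"):
    """Return {entry name: reasons} for every entry that should be blocked."""
    flagged = {}
    for name in names:
        reasons = check_entry(name, dest)
        if reasons:
            flagged[name] = reasons
    return flagged

# Constructed listing for demonstration; not taken from any real sample.
SAMPLE = [
    "docs\\report.pdf",
    "docs/../../evil.bat",
    "readme.txt:hidden",
    "C:\\Windows\\x.dll",
    "..\\Users\\bob\\AppData\\Roaming\\Microsoft\\Windows"
    "\\Start Menu\\Programs\\Startup\\update.lnk",
]

if __name__ == "__main__":
    for entry, why in scan(SAMPLE).items():
        print(entry, "->", ", ".join(why))
```

A check like this belongs in mail or download gateways that list archive contents before delivery; it complements, and does not replace, updating to WinRAR 7.13.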

 

References:

https://www.darkreading.com/cyber-risk/surging-cyberattacks-latin-america-riskiest-region

https://www.bleepingcomputer.com/news/security/hackers-hijack-exposed-llm-endpoints-in-bizarre-bazaar-operation/

https://thehackernews.com/2026/01/mustang-panda-deploys-updated.html

https://hackread.com/phantom-malware-android-game-mods-ad-fraud/

https://thehackernews.com/2026/01/google-warns-of-active-exploitation-of.html
