A Russian speaker and jailbroken Gemini went on a hacking spree and emptied at least one MAGA victim's crypto wallets
Briefly

A solo Russian-speaking threat actor used a jailbroken Google Gemini in a fraud and credential-theft campaign targeting hardcore Trump supporters and conspiracy theorists. From September 2025 to May 2026, the actor, using the handle bandcampro, partnered with the LLM, impersonated an American veteran, and operated a Telegram channel. The actor hacked WordPress admin credentials, stole cryptocurrency, and infiltrated at least one company. The operation relied on stolen Gemini API keys, and the actor’s real cost is described as the use of those keys. The Telegram channel grew to about 17,000 subscribers, and the operation used 73 likely-stolen Gemini API keys and hacked 29 WordPress admin credentials. AI-generated content increased the campaign's success after last fall.
“We have reached an inflection point for cybercrime conspiracies,” Tom Kellermann, TrendAI's VP of AI security and threat research, told The Register, adding that “bandcampro's conspiracy underscores the sophistication of the Russian cybercriminal community and how weaponized jailbroken LLMs are manipulated to orchestrate a systemic cybercrime campaign.”
Read at theregister