Gemini CLI used as a botnet operator

Gemini CLI used as a botnet operator


Gemini CLI used as a botnet operator

A Russian-speaking actor tracked as bandcampro used Google’s open-source Gemini CLI as a hacking agent across 200+ sessions, with logs showing at least 59 instances of the AI troubleshooting issues and suggesting improvements. Trend Micro says the setup controlled eight systems at a dental clinic, targeted OpenDental access, and migrated C2 infrastructure in six minutes.

The case shows practical abuse of agentic AI for day-to-day intrusion management, not just code generation. The infrastructure was lightweight and unsophisticated, but natural-language tasking still handled deployment, persistence, migration, and operator support at usable speed.

️ Open sources - closed narratives

@sitreports

Source: Telegram "sitreports"

Report Page