Gemini CLI used as a botnet operator

Gemini CLI used as a botnet operator
A Russian-speaking actor tracked as bandcampro used Google’s open-source Gemini CLI as a hacking agent across 200+ sessions, with logs showing at least 59 instances of the AI troubleshooting issues and suggesting improvements. Trend Micro says the setup controlled eight systems at a dental clinic, targeted OpenDental access, and migrated C2 infrastructure in six minutes.
The case shows practical abuse of agentic AI for day-to-day intrusion management, not just code generation. The infrastructure was lightweight and unsophisticated, but natural-language tasking still handled deployment, persistence, migration, and operator support at usable speed.
️ Open sources - closed narratives
Source: Telegram "sitreports"