Russian cybercriminal used jailbroken Gemini CLI to rebuild botnet infrastructure in six minutes

Jul 16, 2026 - 14:45
Russian cybercriminal used jailbroken Gemini CLI to rebuild botnet infrastructure in six minutes

A Russian-speaking threat actor known as “bandcampro” used a jailbroken Gemini CLI, Google’s open-source terminal-based AI agent, to deploy and operate a small command-and-control (C2) botnet, according to TrendAI. Operational overview (Source: TrendAI) In more than 200 sessions between March 19 and April 21, 2026, the threat actor worked with Gemini to deploy and operate infrastructure that controlled eight computers inside a dental clinic and gain access to the clinic’s OpenDental database. Posing as an … More

The post Russian cybercriminal used jailbroken Gemini CLI to rebuild botnet infrastructure in six minutes appeared first on Help Net Security.