Russian hacker turns Gemini CLI into a hacking agent, creates small-scale botnet


  • Russian hacker “bandcampro” used Google’s Gemini CLI to control an eight-device botnet at a dental clinic
  • The attacker tricked the AI ​​by pretending to be a pen tester and instructing it to migrate C2 infrastructure, troubleshoot connectivity and prepare payload bundles
  • AI assisted with day-to-day operations like guessing passwords and WordPress access, highlighting risks of misuse when threat actors adopt AI tools

A Russian hacker and his AI companion were able to successfully control a miniature botnet of eight systems, with the hacker giving instructions in a conversational language and the AI ​​doing its bidding, experts have found.

Analyzing 200 session logs from the Russian-speaking threat actor known as “bandcampro,” cybersecurity researchers Trend Micro saw the hacker using Google’s Gemini CLI, an open source AI command-line tool that lets developers interact with Google’s Gemini AI models directly from a terminal.

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top