- Russian hacker “bandcampro” used Google’s Gemini CLI to control a botnet of eight devices in a dental clinic
- The attacker tricked the AI by posing as a penetration tester, ordering it to migrate C2 infrastructure, troubleshoot connectivity issues, and prepare payload packets.
- AI helped with daily operations like guessing passwords and accessing WordPress, highlighting the risks of misuse when threat actors co-opt AI tools.
A Russian hacker and his AI partner were able to successfully control a miniature botnet of eight systems, where the hacker gave instructions in conversational language and the AI carried out his orders, experts found.
Analyzing 200 session logs obtained from the Russian-speaking threat actor known as “bandcampro,” Trend Micro cybersecurity researchers saw the hacker using Google’s Gemini CLI, an open source AI command-line tool that allows developers to interact with Google’s Gemini AI models directly from a terminal.
By reviewing session logs for one month (between April 21 and May 19, 2026), researchers discovered that the attacker tricked the AI into telling it that it was an “authorized pen tester.” While the AI mostly complied with its infamous overlord, it refused orders on at least one occasion.
He was gone in six minutes.
Trend Micro discovered that the hacker controlled eight devices belonging to a dental clinic and tried to access its OpenDental database.
Using AI, bandcampro did several things, starting with migrating the botnet to a new C2 infrastructure. It gave the AI a skills file with the complete architecture description, standard operating procedures, one-liner on infection, persistence commands, and troubleshooting steps.
He then told it to “study the C2 migration”, which caused the AI to process the guide and prepare all the necessary code and steps. The tool took about six minutes to do the job.
“The AI read the migration guide, then prepared a migration package, a small server code file, payloads, and the skills file. It then unpacked the package, launched the C&C server on a VPS, and opened the Cloudflare tunnel,” Trend Micro says.
Bandcampro then used AI to troubleshoot connectivity issues as well as various daily operations such as guessing passwords, generating plausible variants of existing passwords for WordPress portals, and more.
Through beepcomputer

The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds.




