Russian hacker turns Gemini CLI into hacking agent and creates small-scale botnet



  • Russian hacker “bandcampro” used Google’s Gemini CLI to control a botnet of eight devices in a dental clinic
  • The attacker tricked the AI ​​by posing as a penetration tester, ordering it to migrate C2 infrastructure, troubleshoot connectivity issues, and prepare payload packets.
  • AI helped with daily operations like guessing passwords and accessing WordPress, highlighting the risks of misuse when threat actors co-opt AI tools.

A Russian hacker and his AI partner were able to successfully control a miniature botnet of eight systems, where the hacker gave instructions in conversational language and the AI ​​carried out his orders, experts found.

Analyzing 200 session logs obtained from the Russian-speaking threat actor known as “bandcampro,” Trend Micro cybersecurity researchers saw the hacker using Google’s Gemini CLI, an open source AI command-line tool that allows developers to interact with Google’s Gemini AI models directly from a terminal.

Leave a Comment

Your email address will not be published. Required fields are marked *