Jailbroken Gemini helped Russian-speaking fraudster target MAGA crypto users

A solo Russian-speaking threat actor used a jailbroken Google Gemini in a fraud and credential-theft campaign targeting hardcore Trump supporters and conspiracy theorists.

Between September 2025 and May 2026, the “low-skilled” scumbag using the handle bandcampro partnered with the LLM to impersonate an American veteran, run a Telegram channel (@americanpatriotus), hack admin credentials, and steal cryptocurrency, according to a threat report from TrendAI. His only “real cost” in the operation was stolen API keys.

Bandcampro ultimately reached about 17,000 subscribers, used 73 likely-stolen Gemini API keys, hacked 29 WordPress admin credentials, infiltrated at least one company, and emptied at least one victim’s cryptocurrency wallets, according to TrendAI researchers Philippe Lin, Joseph C Chen, Fyodor Yarochkin, and Vladimir Kropotov. 

The threat hunters detailed the campaign in a Thursday report, and said that while the Telegram channel dates back five years, bandcampro's success skyrocketed once he started using AI-generated content last fall.

“We have reached an inflection point for cybercrime conspiracies,” Tom Kellermann, TrendAI’s VP of AI security and threat research, told The Register, adding that “bandcampro’s conspiracy underscores the sophistication of the Russian cybercriminal community and how weaponized jailbroken LLMs are manipulated to orchestrate a systemic cybercrime campaign.”

Kellermann said the attack “highlights LLMs’ Achilles heel, which is the tremendous exposure to API attacks.” 

TrendAI researchers discovered the scammer’s infrastructure in May, which exposed the full contents of the individual’s operational environment. 

He used Google Gemini to generate the Telegram channel text and Venice.ai to power an interactive chatbot designed to simulate a Quantum Financial System (QFS) terminal. 

Neither Google nor Venice responded to The Register’s requests for comment.

The campaign targeted the QAnon and MAGA communities, mimicking the cryptic, anonymous “Q drop” messages at the heart of the QAnon conspiracy, but the researchers say his “use of information operation techniques was more likely for cryptocurrency fraud instead of political motives,” based on the content posted, and the stock remote access trojan (RAT) used alongside other commercial malware.

On September 9, 2025, the actor posted a fake “freedom-first, self-custody wallet” called StellarMonster, with a welcome bonus of up to 1,000 XLM (about $380) on the Telegram channel.

It was an executable named StellarMonSetup.exe. Malware analysis determined that in reality, StellarMonSetup.exe is a legitimate remote access tool called GoToResolve, which gives the operator a persistent remote desktop session with file access, command execution, and clipboard capture. 

Plus, any subscribers who used the “import your wallet” function and typed their seed phrase into the fake import screen gave the attacker their wallet keys.

“At least one victim’s crypto-wallet was fully compromised: password cracked, 12-word mnemonic stolen, and the owner’s 40+ wallet addresses harvested across all major chains,” the researchers noted.

The attacker also used an AI-powered brute-forcing tool to hack WordPress accounts, we’re told. “The script is built on the premise that people mutate familiar base passwords in predictable ways, and Gemini 2.5 Flash can model the mutations when supplied with static wordlists,” Trend wrote.

In total, the AI-assisted WordPress hacking operation cracked 29 WordPress administrator accounts, including those belonging to weapons retailers, legal offices, medical practices, and small commercial sites.
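The premise quoted above, that users take a familiar base word and mutate it in predictable ways, is also the reason a password policy should undo those same mutations before accepting a new admin password. The following is an added example, not code from the TrendAI report or from any tool it describes; the base wordlist and the mutation rules are constructed for the demo and are far smaller than what a real deployment would load.

```python
from typing import List, Optional

# Constructed base wordlist for the demo; a real check would load a large
# breach-derived list. Matches the report's premise: a familiar word that has
# been capitalised, leet-substituted, or given a trailing year or symbol.
BASE_WORDS = {"password", "welcome", "patriot", "freedom", "summer", "admin"}

# Common leet substitutions, applied in reverse to recover the base word.
UNLEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                        "7": "t", "@": "a", "$": "s", "!": "i"})

# Characters users typically bolt onto the ends of a base word.
DECORATION = set("0123456789!@#$%^&*.?_-")


def strip_trailing(pw: str) -> str:
    end = len(pw)
    while end > 0 and pw[end - 1] in DECORATION:
        end -= 1
    return pw[:end]


def strip_leading(pw: str) -> str:
    start = 0
    while start < len(pw) and pw[start] in DECORATION:
        start += 1
    return pw[start:]


def recovered_bases(pw: str) -> List[str]:
    """Return the plausible base words hidden in pw once the mutations are undone."""
    trailing = strip_trailing(pw)
    forms: List[str] = []
    # Leading symbols may be decoration ("!!Welcome") or leet ("@dmin"), so try both.
    for core in (trailing, strip_leading(trailing)):
        plain = core.translate(UNLEET).lower()
        if plain and plain not in forms:
            forms.append(plain)
    return forms


def check_password(candidate: str, base_words=BASE_WORDS) -> Optional[str]:
    """Return None if the candidate passes, otherwise the reason it was rejected."""
    if len(candidate) < 12:
        return "shorter than 12 characters"
    forms = recovered_bases(candidate)
    if not forms:
        return "only digits and symbols"
    for plain in forms:
        if plain in base_words:
            return f"predictable mutation of base word '{plain}'"
    return None
```

A password that survives this check is not necessarily strong; the point is that a long-looking "P@ssw0rd2025!" is rejected for the reason a mutation-aware cracker would find it first.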

During his conversations with Gemini, bandcampro asked questions like: “When the bot accumulates 5,000 active users, how much can we earn from one pump-and-dump cycle?” The criminal also asked how professional crypto call centers scam North American victims, and Gemini suggested Medicare and/or Health Canada fraud targeting the elderly.

The Russian speaker also automated his content campaign through a pipeline he named “Quantum Patriot,” a set of Python scripts that called Gemini to role-play as an American veteran patriot. The pipeline fed a preset list of newsfeeds into the LLM and Gemini rewrote them, prompted to act as an admin of an “American Patriot” channel looking for “hidden angles.”

The crypto- and credential-thief also used Gemini to help him hack, set up a command-and-control framework – including a mail-testing tool, a Gmail aggregator, and an anonymous proxy on a VM in the Netherlands – steal and validate credentials, and run the chatbot.

“In the anatomy of one busy working day, Gemini deployed servers, helped debug code, automated workflows, wrote a script to rotate API keys, and managed the actor’s Cloudflare tunnels,” the TrendAI researchers wrote. “The actor prompted in Russian, while the LLM reasoned and replied in English. Over one 16-hour session, the actor co-worked with Gemini end-to-end.”

At one point, after a nine-hour pause from the human partner, which the authors say “was likely a 9-hour sleep,” bandcampro found the bot posting every 20 minutes without a break – but with Russian slang appearing in the English posts. So he opened another session to fix it.

“What previously required a team of writers, social media managers, IT workers, and malware programmers can now be automated by a single actor using a VPS, a Telegram bot, and API access to frontier models,” Trend’s team warned. ®
