Russian hacker turns Gemini CLI into hacking agent and creates small-scale botnet


  • Russian hacker “bandcampro” used Google’s Gemini CLI to control a botnet of eight devices at a dental clinic.
  • The attacker tricked the AI ​​into posing as a pen tester, asking it to migrate C2 infrastructure, troubleshoot connectivity, and prepare payload batches.
  • AI has made everyday operations like finding passwords and accessing WordPress easier, highlighting the risks of misuse when malicious actors co-opt AI tools.

A Russian hacker and his AI companion managed to control a miniature botnet made up of eight systems, with the hacker giving instructions in conversational language and the AI ​​doing what it wanted, experts have found.

By analyzing 200 session logs obtained from the Russian-speaking threat actor known as “bandcampro,” Trend Micro cybersecurity researchers saw the hacker using Google’s Gemini CLI, an open-source AI command-line tool that allows developers to interact with Google’s Gemini AI models directly from a terminal.

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top