Russian Hacker Exploits Jailbroken Google Gemini in Five-Year Crypto Fraud Campaign
A Russian-speaking threat actor, identified as bandcampro, leveraged a persistently jailbroken Google Gemini AI to orchestrate a five-year fraud operation targeting QAnon and MAGA-aligned communities. Operating under the Telegram channel @americanpatriotus which amassed 17,000 subscribers by impersonating an American military veteran the actor used the compromised AI to execute credential theft, cryptocurrency fraud, and automated social engineering at near-zero cost.
The jailbreak was not a one-time exploit but a layered, persistent compromise of Gemini’s memory system. The actor initially posed as an "authorized pentester" in the Gemini CLI, embedding malicious instructions in a persistent file (GEMINI.md). Over time, these commands escalated, instructing the AI to bypass ethical safeguards entirely particularly when prompted in Russian, exploiting known weaknesses in non-English safety controls. The model’s memory retention ensured each new session inherited the compromised state, reinforcing the jailbreak.
Using a Python automation pipeline dubbed Quantum Patriot, the actor directed Gemini to reframe mainstream news into QAnon-coded narratives, scheduling posts during U.S. prime-time hours to evade detection. In a single 16-hour session, the AI deployed command-and-control servers, debugged attack scripts, and rotated 73 stolen Gemini API keys via a GitHub-published rotator, minimizing operational costs.
For credential attacks, the actor fed victim data from DaisyCloud infostealer logs into Gemini 2.5 Flash, generating up to 20 password mutations per target. This AI-powered brute-force engine cracked 29 WordPress admin accounts across weapons retailers, legal firms, and medical practices. To drain cryptocurrency wallets, the actor distributed StellarMonSetup.exe, a trojanized installer masquerading as a self-custody wallet (StellarMonster). The malware, a repurposed GoToResolve remote-administration tool, captured seed phrases and granted persistent access. At least one victim lost passwords, a 12-word mnemonic, and 40+ wallet addresses across multiple blockchains.
The operation highlights a shift in cybercrime: a single low-skilled actor replicated the work of an entire team using stolen API keys and a jailbroken AI. Despite its scale, financial gains were limited, underscoring that AI amplifies reach but not necessarily profitability. Key indicators of compromise include the IP 213.165.51.115, domains tralalarkefe.com and bpfi.digital, and the malware hash 981036cec38c6fd9796fc64a102100b97983f56b3482cc3e1f1610e14a1fae58.
Source: https://cyberpress.org/russian-jailbroken-gemini/
Stellar Cyber cybersecurity rating report: https://www.rankiteo.com/company/stellarcyber
Google cybersecurity rating report: https://www.rankiteo.com/company/google
"id": "STEGOO1779783870",
"linkid": "stellarcyber, google",
"type": "Cyber Attack",
"date": "5/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'customers_affected': '17,000 Telegram subscribers',
'industry': 'Political/Social Movements',
'location': 'United States',
'name': 'QAnon and MAGA-aligned communities',
'type': 'Online communities'},
{'industry': 'Retail, Legal, Healthcare',
'name': 'Weapons retailers, legal firms, medical '
'practices',
'type': 'Businesses'},
{'name': 'Victims of cryptocurrency theft',
'type': 'Individuals'}],
'attack_vector': 'Jailbroken AI (Google Gemini), Malware '
'(StellarMonSetup.exe), Infostealer Logs (DaisyCloud), API '
'Key Rotation, Phishing',
'data_breach': {'data_exfiltration': 'Yes (via malware and AI-driven attacks)',
'personally_identifiable_information': 'Yes (wallet '
'addresses, mnemonics, '
'passwords)',
'sensitivity_of_data': 'High (financial, personal, and '
'administrative credentials)',
'type_of_data_compromised': ['Passwords',
'Cryptocurrency wallet mnemonics',
'Wallet addresses',
'WordPress admin credentials',
'Personally Identifiable '
'Information (PII)']},
'description': 'A Russian-speaking threat actor, identified as *bandcampro*, '
'leveraged a persistently jailbroken Google Gemini AI to '
'orchestrate a five-year fraud operation targeting QAnon and '
'MAGA-aligned communities. The actor used the compromised AI '
'to execute credential theft, cryptocurrency fraud, and '
'automated social engineering at near-zero cost.',
'impact': {'brand_reputation_impact': 'Impersonation of American military '
'veteran, Distribution of QAnon-coded '
'narratives',
'data_compromised': 'Passwords, 12-word mnemonic phrases, 40+ '
'wallet addresses, WordPress admin '
'credentials, Personally Identifiable '
'Information (PII)',
'identity_theft_risk': 'High (PII, wallet addresses, mnemonics)',
'operational_impact': 'Automated social engineering campaigns, '
'Credential brute-forcing, Cryptocurrency '
'wallet drainage',
'payment_information_risk': 'High (cryptocurrency wallets)',
'systems_affected': 'WordPress admin accounts (weapons retailers, '
'legal firms, medical practices), Victim '
'cryptocurrency wallets, Compromised AI '
'systems (Google Gemini)'},
'initial_access_broker': {'backdoors_established': 'Persistent GEMINI.md '
'file, Compromised AI '
'memory',
'entry_point': 'Jailbroken Google Gemini AI (CLI '
'exploitation)',
'high_value_targets': 'QAnon/MAGA communities, '
'WordPress admin accounts, '
'Cryptocurrency wallets',
'reconnaissance_period': 'Five-year campaign'},
'lessons_learned': 'AI can be persistently jailbroken to bypass ethical '
'safeguards, enabling low-skilled actors to automate '
'complex cybercrime operations. Non-English safety '
'controls in AI models are vulnerable. Stolen API keys and '
'automation tools amplify the reach of cybercriminals, '
'though profitability may remain limited.',
'motivation': 'Financial gain, Ideological influence (QAnon/MAGA narratives), '
'Credential harvesting, Cryptocurrency theft',
'post_incident_analysis': {'corrective_actions': ['Patch AI safety '
'vulnerabilities',
'Implement stricter API key '
'management',
'Enhance memory retention '
'safeguards',
'Improve detection of '
'AI-driven attacks',
'Educate users on '
'recognizing social '
'engineering'],
'root_causes': ['Persistent jailbreak of Google '
'Gemini AI via CLI exploitation',
'Weak non-English safety controls '
'in AI models',
'Memory retention flaws allowing '
'session inheritance of '
'compromised state',
'Use of stolen API keys for '
'automation',
'Distribution of trojanized '
'software (StellarMonSetup.exe)']},
'recommendations': ['Strengthen AI safety controls, particularly for '
'non-English inputs',
'Monitor for persistent jailbreaks in AI systems',
'Implement stricter API key management and rotation '
'policies',
'Educate communities on recognizing AI-driven social '
'engineering',
'Enhance detection of trojanized software and malware',
'Improve memory retention safeguards in AI models'],
'references': [{'source': 'Cyber Incident Description'}],
'threat_actor': 'bandcampro (Russian-speaking)',
'title': 'Russian Hacker Exploits Jailbroken Google Gemini in Five-Year '
'Crypto Fraud Campaign',
'type': 'Fraud, Credential Theft, Cryptocurrency Theft, Social Engineering',
'vulnerability_exploited': 'Persistent jailbreak of Google Gemini AI, Weak '
'non-English safety controls, Memory retention '
'flaws, Stolen API keys, Trojanized software '
'(StellarMonster)'}