A Russian-speaking threat actor, operating under the alias bandcampro, leveraged a jailbroken Google Gemini to conduct a fraud and credential theft campaign aimed at MAGA supporters and conspiracy theorists. This operation spanned from September 2025 to May 2026, during which the hacker impersonated an American veteran and ran a Telegram channel named @americanpatriotus. The campaign reportedly involved hacking admin credentials and stealing cryptocurrency, as outlined in a recent threat report from TrendAI.
According to the report, bandcampro amassed around 17,000 subscribers, used 73 likely stolen Gemini API keys, hacked 29 WordPress admin accounts and infiltrated at least one company. The hacker’s activities resulted in the complete compromise of at least one victim’s cryptocurrency wallet.
Operational Tactics and Tools
The threat actor’s operation was characterized as low-skilled, with the primary cost being the acquisition of stolen API keys. Bandcampro’s success surged after integrating AI-generated content into his operations last fall. TrendAI’s VP of AI security and threat research, Tom Kellermann, remarked on the sophistication of the Russian cybercriminal community and the manipulation of jailbroken large language models (LLMs) to facilitate cybercrime.
TrendAI researchers noted that the campaign employed techniques reminiscent of information operations, primarily for cryptocurrency fraud rather than political motives. The hacker created a fraudulent wallet named StellarMonster, offering a welcome bonus of 1,000 XLM, which was actually a malicious executable designed to compromise users’ systems.
Impact on Victims
At least one victim’s crypto wallet was fully compromised, with the attacker successfully cracking the password, stealing a 12-word mnemonic, and harvesting over 40 wallet addresses across various blockchain platforms. The attacker also employed an AI-driven brute-forcing tool to gain access to WordPress accounts, exploiting predictable password mutations.
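On the defensive side, a site can refuse new passwords that are predictable mutations of words an attacker would try first. The sketch below is an added example, not code from the TrendAI report or from the campaign. The mutation classes it undoes (case changes, leetspeak, digits or symbols added at the ends) and all names in it are assumptions, since the report summary does not list them.

```python
import re

# Assumed look-alike substitutions; the report does not enumerate any.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

def stem(word: str) -> str:
    """Base form of a context word: drop digits/symbols at both ends,
    then undo leetspeak inside ("Summer2024!" -> "summer"). ASCII only."""
    s = re.sub(r"^[^a-z]+|[^a-z]+$", "", word.lower())
    return re.sub(r"[^a-z]", "", s.translate(LEET))

def flatten(password: str) -> str:
    """Candidate password with every look-alike mapped to a letter and
    everything else removed, so padding cannot hide an embedded word."""
    return re.sub(r"[^a-z]", "", password.lower().translate(LEET))

def predictable_mutation_of(candidate, context_words, min_len=4):
    """Return the context word the candidate is derived from, or None.
    Short stems are skipped to limit accidental substring matches."""
    flat = flatten(candidate)
    for word in context_words:
        base = stem(word)
        if len(base) >= min_len and base in flat:
            return word
    return None

# Constructed sample data: site name, username, and the previous password.
CONTEXT = ["acmeplumbing", "jsmith", "Summer2024!"]

if __name__ == "__main__":
    for pw in ["Summer2025!", "Acm3Plumb1ng#1", "j5m1th99",
               "correct-horse-battery-staple"]:
        hit = predictable_mutation_of(pw, CONTEXT)
        print(f"{pw!r}: {'reject, derived from ' + repr(hit) if hit else 'ok'}")
```

A check like this belongs in the password-change path, alongside login rate limiting and multi-factor authentication for admin accounts.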
Automation and AI Integration
Bandcampro automated various aspects of his campaign through a Python script pipeline named “Quantum Patriot,” which utilized Gemini to generate content and simulate interactions. This automation allowed the hacker to manage multiple tasks, including server deployment and code debugging, with minimal human intervention. The report indicated that this level of automation could drastically reduce the resources required for such operations, enabling a single actor to execute complex cybercrime schemes.
While the full extent of the campaign’s impact remains unclear, the use of AI in orchestrating these attacks raises significant concerns about the future of cybersecurity and the potential for similar operations to proliferate.
This article was produced by NeonPulse.today using human and AI-assisted editorial processes, based on publicly available information. Content may be edited for clarity and style.








