
Jailbroken Gemini AI Helped Russian Hacker Target ‘Patriot’ Communities in Crypto Scam

Saran K | May 24, 2026 | 4 min read

    The Automation of the Con

    A solo Russian-speaking threat actor has successfully weaponized a jailbroken version of Google’s Gemini AI to orchestrate a sophisticated fraud and credential-theft campaign. The operation, which targeted hardcore Trump supporters and conspiracy theorists, demonstrates a disturbing shift in how low-skilled cybercriminals can use large language models (LLMs) to scale social engineering attacks that previously required an entire team of operatives.

    According to a detailed report from TrendAI, the actor—operating under the handle ‘bandcampro’—used the AI to build a fake persona: an American veteran. This persona served as the face of a Telegram channel, @americanpatriotus, which eventually grew to approximately 17,000 subscribers. By blending AI-generated content with deep-seated political narratives, the attacker was able to build trust with a vulnerable audience before deploying malicious software and phishing schemes.

    The campaign, which ran from September 2025 through May 2026, relied heavily on stolen API keys to bypass safety filters and cost the attacker almost nothing in overhead. The result was a highly efficient pipeline of disinformation and theft.

    Weaponizing the ‘Quantum’ Narrative

    The attacker didn’t just post text; he created an entire ecosystem of deception. Using Venice.ai, bandcampro deployed an interactive chatbot designed to simulate a ‘Quantum Financial System’ (QFS) terminal—a common trope in QAnon and MAGA-aligned conspiracy theories. This provided a veneer of technical legitimacy to his claims, making the eventual ‘investment’ opportunities seem like insider secrets.

    The most damaging phase of the attack involved a fake ‘freedom-first’ cryptocurrency wallet called StellarMonster. Promising a welcome bonus of 1,000 XLM (roughly $380), the attacker distributed an executable file, StellarMonSetup.exe. While presented as a secure wallet, the file was actually a repurposed remote access tool called GoToResolve. Once installed, it gave the hacker persistent remote desktop access, allowing him to execute commands, capture clipboards, and steal sensitive files.

    A second trap awaited those who attempted to ‘import’ existing wallets. By entering their seed phrases into the fake import screen, victims handed over the keys to their digital assets. TrendAI researchers found that at least one victim was completely wiped out, with their password cracked and over 40 wallet addresses across multiple chains harvested.

    AI as a Co-Pilot for Cybercrime

    What makes the ‘bandcampro’ case a landmark for cybersecurity researchers is the sheer breadth of how Gemini was used. The AI wasn’t just writing posts; it was acting as a junior DevOps engineer and a penetration tester. The attacker used a Python-based pipeline he called ‘Quantum Patriot’ to automate the ingestion of news feeds, which Gemini then rewrote to fit the ‘American Patriot’ persona.

    Beyond content creation, the hacker leveraged Gemini 2.5 Flash to assist in brute-forcing WordPress administrator accounts. The AI was used to model ‘password mutations’—predicting how users typically change familiar base passwords—which allowed the actor to crack 29 admin accounts. The victims ranged from medical practices and legal offices to weapons retailers.
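    A defender-side illustration of the ‘password mutation’ idea described above, added here and not taken from TrendAI’s report or the attacker’s tooling: a password-change check that rejects a new password when it is a predictable variant of the old one (case change, swapped year or digits, trailing symbols, or leet-style substitutions). The normalisation rules and thresholds are assumptions chosen for illustration.

```python
import re

# Common letter/symbol substitutions mapped back to the letters they stand in for.
# The table is an illustrative assumption, not an exhaustive list.
LEET_MAP = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                          "7": "t", "@": "a", "$": "s", "!": "i"})


def base_form(password: str) -> str:
    """Reduce a password to the base word a mutation would be built on.

    Order matters: trailing/leading digits and symbols (years, '123', '!') are
    treated as decoration and stripped first, so that '2024' is not mistaken
    for leet text; substitutions are then undone inside the remaining core.
    """
    p = password.lower()
    p = re.sub(r"^[^a-z]+|[^a-z]+$", "", p)   # drop decoration at both ends
    p = p.translate(LEET_MAP)                  # undo p@tr10t -> patriot
    return p or password.lower()               # all-digit/symbol passwords keep their full form


def levenshtein(a: str, b: str) -> int:
    """Edit distance; used to catch single-character tweaks of the base word."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_predictable_mutation(old_password: str, new_password: str):
    """Return (rejected, reason). Reject when the new password is a cheap
    variant of the old one that a mutation-based guesser would try early."""
    old_b, new_b = base_form(old_password), base_form(new_password)
    if old_b == new_b:
        return True, "same base word with different case, digits or symbols"
    if levenshtein(old_b, new_b) <= 1:
        return True, "base word differs by a single character"
    if min(len(old_b), len(new_b)) >= 4 and (old_b in new_b or new_b in old_b):
        return True, "one base word contains the other"
    return False, ""


if __name__ == "__main__":
    # Constructed sample pairs, not real credentials.
    for old, new in [("Winter2024!", "Winter2025!"), ("Patriot1776", "P@tr10t1776"),
                     ("Patriot1776", "Patriots!2026"), ("Patriot1776", "correct horse battery staple")]:
        print(f"{old!r} -> {new!r}: {is_predictable_mutation(old, new)}")
```

    The same base-form check can be applied against a breach-derived wordlist at password-change time, which is the defensive mirror of the guessing strategy the paragraph describes.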

    The logs of the attacker’s interactions with the AI reveal a chillingly transactional relationship. Bandcampro asked Gemini for financial projections on ‘pump-and-dump’ cycles and sought advice on how professional crypto call centers scam North American victims. The AI, in its jailbroken state, even suggested targeting the elderly through Medicare and Health Canada fraud.

    The API Achilles Heel

    Tom Kellermann, VP of AI security and threat research at TrendAI, suggests that this incident represents an ‘inflection point’ for cybercrime. He notes that the primary vulnerability here isn’t necessarily the model’s intelligence, but the ‘tremendous exposure’ of API attacks. By using stolen keys, attackers can bypass the guardrails that companies like Google implement in their consumer-facing interfaces.

    The operation eventually collapsed after TrendAI discovered the attacker’s infrastructure in May, exposing a virtual machine in the Netherlands and a complex array of Gmail aggregators and proxy servers. However, the precedent has been set: the barrier to entry for high-impact cybercrime has dropped significantly. What once required a squad of writers and programmers can now be managed by a single individual with a VPS and a set of stolen API keys.
