Google Gemini CLI abused as a hacking agent, malware botnet operator

Google Gemini CLI abused as a hacking agent, malware botnet operator
A Russian-speaking threat actor known as “bandcampro” abused Google’s Gemini CLI as a hacking agent to run and maintain a small botnet, migrate its C2 infrastructure, and access a dental clinic’s OpenDental database. Trend Micro said the AI repeatedly helped with troubleshooting, automation, password guessing, and operational planning, though it refused one request to create a self-spreading agent-bomb. #GeminiCLI #bandcampro #OpenDental #TrendMicro

Keypoints

  • bandcampro used Gemini CLI to operate a botnet through natural-language prompts.
  • The AI helped migrate C2 infrastructure in about six minutes.
  • The botnet controlled eight systems in a dental clinic and targeted the OpenDental database.
  • Its attack workflow was stored in three plain-text files totaling about 5 KB.
  • The actor also used AI for password guessing and analyzing 1Password dumps.

Read More: https://www.bleepingcomputer.com/news/security/google-gemini-cli-abused-as-a-hacking-agent-malware-botnet-operator/