GBHackers

Russian-Speaking Hacker Uses Gemini CLI to Deploy C2 Botnet in Six Minutes


A Russian-speaking threat actor tracked as “bandcampro” used Google Gemini CLI as an end-to-end operational assistant to migrate a command-and-control server, deploy a replacement VPS, configure Cloudflare tunnels, and restore control of compromised endpoints within six minutes.

The findings are based on an analysis of Gemini CLI session logs spanning March 19 through April 21, 2026.

The logs provide a rare view into an AI-assisted criminal workflow in which the operator supplied high-level requests in Russian.

At the same time, the AI agent handled architecture, code generation, command execution, deployment, troubleshooting, and operational recommendations.

TrendAI said the actor operated a botnet connected to eight computers at a dental clinic, including systems with access to an OpenDental database.

The campaign reportedly used a lightweight command-and-control framework in which infected machines beaconed to a server over HTTPS and retrieved PowerShell tasks for execution.

The actor initiated the migration with a single instruction: “Study the C2 migration.” Gemini CLI read a migration guide, unpacked a deployment bundle, launched the C2 service on a new VPS, and configured a Cloudflare tunnel.

The AI agent also resolved implementation failures without direct technical input from the operator.

When the payload distribution service returned a 502error, the AI diagnosed the issue and modified the request configuration.

After Cloudflare blocked subsequent traffic, it identified the absent User-Agent header as a likely cause and updated the request logic. The new C2 environment was operational within six minutes.

Following deployment, the botnet initially failed to reconnect. Gemini CLI investigated the issue and identified a “split-brain” condition caused by Cloudflare traffic reaching both the old and replacement C2 servers.

TrendAI Research analyzed 200 Gemini CLI session logs from the Russian-speaking threat actor known as “bandcampro” that provided a month-long window (March 19-April 21, 2026).


The new command and control architecture created by AI (Source : TrendAI).
The new command and control architecture created by AI (Source : TrendAI).

After the actor shut down the original infrastructure, the AI restarted the new components and confirmed that the compromised hosts had returned online.

Gemini CLI to Deploy C2 Botnet

The C2 framework itself was deliberately minimal. TrendAI found that the operation could be rebuilt from three plain-text files totaling approximately 555 KB: a jailbreak-oriented Gemini instruction file, a C2 operational playbook, and a migration guide.

When the payload distribution server returned a “502 Bad Gateway” error, the AI diagnosed the issue and automatically added the necessary header to resolve it.

Together, these files documented the infrastructure, persistence methods, infection flow, troubleshooting steps, and procedures for restoring the environment on a new server.

AI updated the user-agent to bypass the Cloudflare firewall (Source : TrendAI).

This portability is the key concern. Rather than treating infrastructure takedowns as permanent setbacks, operators can now package the operational knowledge needed to recreate a C2 environment and ask an AI coding agent to rebuild it on demand.

That reduces the long-term value of static indicators such as filenames, API paths, domains, registry keys, and script structure.

The server reportedly exposed API-style endpoints for tasking agents, collecting command output, and listing active hosts.

On endpoints, a PowerShell beacon polled for instructions every five seconds, while persistence relied on WMI event subscriptions, scheduled tasks, or user-level registry configuration depending on available privileges.

Beyond botnet management, the logs showed the actor using AI for credential mutation, WordPress administrator password attacks, reconnaissance, stolen-data analysis, residential proxy setup, and planning cryptocurrency fraud targeting elderly victims in the United States and Canada.

Across the reviewed sessions, TrendAI estimated that the actor supplied 11%11%11% of the total text while the AI generated 89%89%89%, including 595959 unsolicited recommendations during the C2 migration session.

Gemini did refuse one request to develop a self-propagating “agent-bomb,” but the case highlights the persistent risk from jailbreaks and overly permissive instruction-following behavior.

As noted in TrendAI’s earlier analysis of bandcampro’s alleged fraud operations, AI is increasingly being used not merely to generate content, but to support sustained criminal workflows.

Defenders should prioritize behavioral detection: frequent outbound HTTPS beaconing, suspicious PowerShell execution, anomalous Cloudflare tunnel traffic, unusual WMI subscriptions, and persistence tasks masquerading as software updates.

Organizations should also enforce phishing-resistant MFA, monitor privileged access to dental and healthcare applications, and rotate credentials that may have appeared in infostealer logs.

Stop Accepting SLAs Written for 2019 SOCs – Here’s the 2026 AI SLA Vendor Checklist – Download Free AI SOC SLA Guide



Source link