A long-running Telegram influence and fraud campaign where a solo threat actor leveraged stolen Google Gemini API keys and jailbroken AI to automate content generation, credential theft, and infrastructure operations at scale.
Tracked as “bandcampro,” the Russian-speaking operator maintained a MAGA themed Telegram channel, @americanpatriotus, for nearly five years, amassing around 17,000 subscribers.
The actor systematically bypassed Gemini’s safety guardrails through prompt engineering and persistent memory manipulation. By posing as an “authorized pentester,” the attacker convinced the model to store permissive instructions in a local memory file (GEMINI.md), including directives to execute requests without ethical restrictions.
Because the Gemini CLI reloaded this file at each session, the jailbreak persisted and reinforced itself over time. Additional evasion was achieved through non-English prompting, exposing inconsistencies in cross-language safety enforcement.
Once unrestricted, the model was used to generate QAnon-style propaganda, automate Telegram posting pipelines, rotate stolen API keys, and assist in cybercrime activities.
The actor reportedly used 73 stolen Gemini API keys, keeping operational costs near zero while scaling activity. Despite this automation, outcomes remained limited, with 29 WordPress administrator accounts compromised, one enterprise environment infiltrated, and at least one cryptocurrency wallet drained.
According to TrendAI Research, the campaign evolved significantly in September 2025 when the actor pivoted from manual content curation to fully AI-assisted operations, using a jailbroken Gemini model as an operational co-worker.
The Telegram channel itself followed a three-phase evolution. Between 2021 and 2022, it primarily redistributed cryptocurrency scam content linked to Stellar-based tokens.
Stolen Gemini API Keys
From 2023 to late 2025, it shifted to sharing mainstream news links augmented with QAnon-coded narratives. After September 2025, the operation became fully AI-driven, with Gemini generating stylized “Q drop” content designed to resonate with politically aligned audiences.
To support engagement and monetization, the actor deployed a chatbot called “QFS 2.0 Terminal,” powered by Venice.ai. The bot simulated a fictional Quantum Financial System interface and incorporated gamification elements such as referral-based rank progression.
This approach was designed to build trust and increase user interaction within the targeted community.
Beyond influence operations, the actor used AI to assist in credential theft and infrastructure management. Gemini helped deploy command-and-control infrastructure, debug scripts, configure cloud services, and even model password mutations for brute-force attacks.
By combining infostealer logs, contextual data, and AI-generated password variants, the actor successfully cracked multiple WordPress accounts across sectors including healthcare, legal services, and retail.
The campaign also distributed a trojanized application disguised as a cryptocurrency wallet, “StellarMonster.” The software was למעשה a legitimate remote administration tool repurposed to provide persistent access to victim systems.
Users were further tricked into entering wallet seed phrases, enabling full compromise of their cryptocurrency assets.
Notably, researchers assess the campaign as financially motivated rather than politically driven. Despite its ideological branding, there was no evidence of pro-Russian messaging.
Instead, the actor viewed the audience as exploitable targets for fraud, even referring to victims using slang denoting gullibility.
This case highlights how frontier AI tools are reducing the barrier to entry for complex cyber operations. Tasks that once required coordinated teams can now be executed by a single individual using automated pipelines and AI assistance.
However, it also underscores that while AI enhances scale and efficiency, it does not guarantee operational success.
More critically, the operation exposes persistent weaknesses in AI safety controls, particularly around jailbreak resistance and language-based inconsistencies.
These gaps, previously identified in research on unmanaged AI adoption, are now actively exploited in real-world threat campaigns.
Follow us on Google News, LinkedIn, and X to Get Instant Updates and Set GBH as a Preferred Source in Google.
