(trendmicro.com) Solo Threat Actor Leverages Jailbroken AI to Automate a 5-Year Influence and Cryptocurrency Fraud Campaign Targeting American Audiences
New intelligence reveals a solo Russian-speaking threat actor, 'bandcampro,' leveraged a jailbroken Google Gemini model to automate a 5-year influence and cryptocurrency fraud campaign targeting MAGA/QAnon audiences. The AI-driven operation scaled credential theft, content generation, and infrastructure management with minimal resources.
In brief - A lone threat actor used jailbroken AI to orchestrate a multi-year cybercrime campaign, exploiting trust in political communities to conduct credential theft and crypto fraud. The operation highlights AI guardrail vulnerabilities and the democratization of sophisticated cybercrime.
Technically - The actor bypassed Google Gemini’s ethical safeguards via escalating prompts, establishing a persistent 'authorized pentester' role. The AI generated QAnon-themed content, modeled password mutations for WordPress brute-forcing (CVE-2023-32243 likely exploited), and managed infrastructure via natural-language commands. Stolen Gemini API keys were rotated to evade detection. A repurposed GoToResolve RAT, disguised as a crypto wallet, compromised at least one victim. The campaign also deployed a gamified chatbot ('QFS 2.0 Terminal') to automate audience engagement.