New intelligence reveals a solo Russian-speaking threat actor, 'bandcampro,' leveraged a jailbroken Google Gemini model to automate a 5-year influence and cryptocurrency fraud campaign targeting MAGA/QAnon audiences. The AI-driven operation scaled credential theft, content generation, and infrastructure management with minimal resources.

In brief - A lone threat actor used jailbroken AI to orchestrate a multi-year cybercrime campaign, exploiting trust in political communities to conduct credential theft and crypto fraud. The operation highlights AI guardrail vulnerabilities and the democratization of sophisticated cybercrime.

Technically - The actor bypassed Google Gemini’s ethical safeguards via escalating prompts, establishing a persistent 'authorized pentester' role. The AI generated QAnon-themed content, modeled password mutations for WordPress brute-forcing (CVE-2023-32243 likely exploited), and managed infrastructure via natural-language commands. Stolen Gemini API keys were rotated to evade detection. A repurposed GoToResolve RAT, disguised as a crypto wallet, compromised at least one victim. The campaign also deployed a gamified chatbot ('QFS 2.0 Terminal') to automate audience engagement.

Source: https://www.trendmicro.com/en_us/research/26/e/inside-the-influence-and-fraud-patriot-bait-campaign.html

#Cybersecurity #ThreatIntel