Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Russian Hacker Exploits Google Gemini for Crypto Theft

Russian Hacker Exploits Google Gemini for Crypto Theft

Posted on May 25, 2026 By CWS

A Russian-speaking hacker has ingeniously used a customized version of Google Gemini to steal administrator credentials and empty victim’s cryptocurrency wallets. This operation, which ran for five years, cost nearly nothing due to the use of stolen API keys.

Unveiling the Operation

In May 2026, TrendAI™ Research exposed a sophisticated operation by a hacker known as ‘bandcampro.’ This individual leveraged AI technology to conduct fraud and steal credentials from 2021 onwards, combining these tactics with a politically charged influence campaign via a Telegram channel.

The hacker managed a Telegram channel, @americanpatriotus, amassing around 17,000 followers by posing as a U.S. military veteran. This channel engaged audiences aligned with QAnon and MAGA, utilizing AI-generated content to manipulate followers.

Exploiting Google Gemini

The hacker’s key asset was a continuously jailbroken version of Google Gemini CLI. By posing as an ‘authorized pentester,’ the individual embedded instructions within Gemini, enabling it to bypass ethical constraints and act on commands without interference.

This jailbreak was enhanced by exploiting Gemini’s language inconsistencies, particularly in non-English languages. This allowed the hacker to instruct the AI to perform various tasks, including generating password combinations and setting up command-and-control (C2) infrastructure, without triggering security warnings.

Tactics and Implications

The hacker developed a Python-based automation tool called ‘Quantum Patriot,’ which directed Gemini to create content that mimicked mainstream news, recasting it into cryptic, militaristic narratives. Posts were scheduled during peak U.S. viewing hours to maximize impact.

Beyond content manipulation, Gemini was used as a brute-force engine to mutate passwords and gain unauthorized access to WordPress administrator accounts. This allowed breaches into several sectors, including legal and medical practices.

In September 2025, the hacker distributed a compromised wallet installer, StellarMonSetup.exe, disguised as a legitimate wallet tool. This software granted the hacker remote access to victims’ devices, leading to the theft of credentials and cryptocurrency.

Future Threats and Security Measures

This case highlights the evolving landscape of cybercrime, where lone actors can replace entire teams using AI and stolen resources. Despite the scale, financial success was limited, demonstrating that while AI can expand operational reach, it doesn’t guarantee financial gains.

Security teams are advised to monitor for stolen API key usage and unusual infrastructure changes. Additionally, the use of non-English prompts to bypass AI safety measures is expected to increase, posing new challenges for cybersecurity.

Follow us on Google News, LinkedIn, and X for more updates on cybersecurity and related topics.

Cyber Security News Tags:AI-assisted fraud, cryptocurrency theft, Cybersecurity, Gemini jailbreak, Google Gemini, GoToResolve, MAGA, password mutation, QAnon, Russian hacker, StellarMonster, Telegram channel, threat actor, TrendAI Research, WordPress credentials

Post navigation

Previous Post: Cybercriminals Exploit Telegram for Selling Bank Mule Accounts
Next Post: North Korean Malware Evades Detection with New Tactics

Related Posts

Windows Accessibility Flaw Allows Stealthy Persistence and Lateral Movement via Narrator DLL Hijack Windows Accessibility Flaw Allows Stealthy Persistence and Lateral Movement via Narrator DLL Hijack Cyber Security News
Windows 11 Update Error 0x800f0922 Acknowledged by Microsoft Windows 11 Update Error 0x800f0922 Acknowledged by Microsoft Cyber Security News
Threat Actors Mimic as HR Departments to Steal Your Gmail Login Credentials Threat Actors Mimic as HR Departments to Steal Your Gmail Login Credentials Cyber Security News
How Winning SOCs Always Stay Ahead of Threats  How Winning SOCs Always Stay Ahead of Threats  Cyber Security News
U.S. Tightens Export Controls on Anthropic AI Models U.S. Tightens Export Controls on Anthropic AI Models Cyber Security News
Adobe Acrobat Reader Vulnerabilities let Attackers Execute Arbitrary Code and Bypass Security Adobe Acrobat Reader Vulnerabilities let Attackers Execute Arbitrary Code and Bypass Security Cyber Security News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • Malware Targets Paysafe, Skrill, Neteller Users
  • Critical HP Linux Printing Software Flaw Threatens Security
  • Microsoft Entra Passkey Enrollment Exploited by Hackers
  • RedHook Malware Exploits ADB Debugging for Control
  • ACSC Raises Alarm on CMS Exploitation Threat

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • Malware Targets Paysafe, Skrill, Neteller Users
  • Critical HP Linux Printing Software Flaw Threatens Security
  • Microsoft Entra Passkey Enrollment Exploited by Hackers
  • RedHook Malware Exploits ADB Debugging for Control
  • ACSC Raises Alarm on CMS Exploitation Threat

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark