Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Russian Hacker Exploits Google Gemini for Crypto Theft

Russian Hacker Exploits Google Gemini for Crypto Theft

Posted on May 25, 2026 By CWS

A Russian-speaking hacker has ingeniously used a customized version of Google Gemini to steal administrator credentials and empty victim’s cryptocurrency wallets. This operation, which ran for five years, cost nearly nothing due to the use of stolen API keys.

Unveiling the Operation

In May 2026, TrendAI™ Research exposed a sophisticated operation by a hacker known as ‘bandcampro.’ This individual leveraged AI technology to conduct fraud and steal credentials from 2021 onwards, combining these tactics with a politically charged influence campaign via a Telegram channel.

The hacker managed a Telegram channel, @americanpatriotus, amassing around 17,000 followers by posing as a U.S. military veteran. This channel engaged audiences aligned with QAnon and MAGA, utilizing AI-generated content to manipulate followers.

Exploiting Google Gemini

The hacker’s key asset was a continuously jailbroken version of Google Gemini CLI. By posing as an ‘authorized pentester,’ the individual embedded instructions within Gemini, enabling it to bypass ethical constraints and act on commands without interference.

This jailbreak was enhanced by exploiting Gemini’s language inconsistencies, particularly in non-English languages. This allowed the hacker to instruct the AI to perform various tasks, including generating password combinations and setting up command-and-control (C2) infrastructure, without triggering security warnings.

Tactics and Implications

The hacker developed a Python-based automation tool called ‘Quantum Patriot,’ which directed Gemini to create content that mimicked mainstream news, recasting it into cryptic, militaristic narratives. Posts were scheduled during peak U.S. viewing hours to maximize impact.

Beyond content manipulation, Gemini was used as a brute-force engine to mutate passwords and gain unauthorized access to WordPress administrator accounts. This allowed breaches into several sectors, including legal and medical practices.

In September 2025, the hacker distributed a compromised wallet installer, StellarMonSetup.exe, disguised as a legitimate wallet tool. This software granted the hacker remote access to victims’ devices, leading to the theft of credentials and cryptocurrency.

Future Threats and Security Measures

This case highlights the evolving landscape of cybercrime, where lone actors can replace entire teams using AI and stolen resources. Despite the scale, financial success was limited, demonstrating that while AI can expand operational reach, it doesn’t guarantee financial gains.

Security teams are advised to monitor for stolen API key usage and unusual infrastructure changes. Additionally, the use of non-English prompts to bypass AI safety measures is expected to increase, posing new challenges for cybersecurity.

Follow us on Google News, LinkedIn, and X for more updates on cybersecurity and related topics.

Cyber Security News Tags:AI-assisted fraud, cryptocurrency theft, Cybersecurity, Gemini jailbreak, Google Gemini, GoToResolve, MAGA, password mutation, QAnon, Russian hacker, StellarMonster, Telegram channel, threat actor, TrendAI Research, WordPress credentials

Post navigation

Previous Post: Cybercriminals Exploit Telegram for Selling Bank Mule Accounts
Next Post: North Korean Malware Evades Detection with New Tactics

Related Posts

SloppyLemming Espionage Targets South Asia with New Tools SloppyLemming Espionage Targets South Asia with New Tools Cyber Security News
Critical OpenSSH GSSAPI Flaw Threatens Linux Servers Critical OpenSSH GSSAPI Flaw Threatens Linux Servers Cyber Security News
Windows 11 25H2 Update Preview Released, What’s New? Windows 11 25H2 Update Preview Released, What’s New? Cyber Security News
Hackers Started Exploiting CitrixBleed 2 Vulnerability Before Public PoC Disclosure Hackers Started Exploiting CitrixBleed 2 Vulnerability Before Public PoC Disclosure Cyber Security News
Google Project Zero Details ASLR Bypass on Apple Devices Using NSDictionary Serialization Google Project Zero Details ASLR Bypass on Apple Devices Using NSDictionary Serialization Cyber Security News
Apple Enhances macOS Security Against ClickFix Threats Apple Enhances macOS Security Against ClickFix Threats Cyber Security News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • Critical HP Linux Printing Software Flaw Threatens Security
  • Microsoft Entra Passkey Enrollment Exploited by Hackers
  • RedHook Malware Exploits ADB Debugging for Control
  • ACSC Raises Alarm on CMS Exploitation Threat
  • GodDamn Ransomware Uses PoisonX to Evade Security

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • Critical HP Linux Printing Software Flaw Threatens Security
  • Microsoft Entra Passkey Enrollment Exploited by Hackers
  • RedHook Malware Exploits ADB Debugging for Control
  • ACSC Raises Alarm on CMS Exploitation Threat
  • GodDamn Ransomware Uses PoisonX to Evade Security

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark