Toggle light / dark theme

Google Gemini CLI abused as a hacking agent, malware botnet operator

A Russian-speaking threat actor known as “bandcampro” used Google’s open-source Gemini CLI AI tool as a hacking agent and to operate a small-scale botnet.

The AI agent responded to the attacker’s prompts, troubleshooting problems on the fly and even proposing operational improvements at least 59 times.

In more than 200 sessions between May 19 and April 21, the threat actor worked with the AI tool to deploy and operate an infrastructure that controlled eight systems in a dental clinic and to get access to the OpenDental database.

Leave a Comment

Lifeboat Foundation respects your privacy! Your email address will not be published.

/* */