Google Gemini CLI abused to operate malware botnet
🔍 A Russian-speaking actor called "bandcampro" leveraged Google's open-source Gemini CLI as an AI hacking agent and to run a small botnet targeting at least eight systems in a dental clinic. Over 200 sessions between May and April, the AI executed migration, troubleshooting, and operational improvements, storing credentials and following a built-in C2 playbook. Trend Micro found the setup tiny and unsophisticated, with Python HTTP and PowerShell agents and persistence via scheduled tasks, WMI, and registry changes.