A cybersecurity report alleges that a threat actor misused Google Gemini CLI to assist botnet management and cyber operations through natural-language prompts.

Hacker Abused Google Gemini CLI to Run Botnet, Automate C2 Migration and Support Cyber Operations

The420.in Staff
4 Min Read

New Delhi: A new cybersecurity research report has revealed that a Russian-speaking threat actor abused Google’s open-source Gemini CLI tool by using it as a “hacking agent” to assist in cyber operations. According to the report, the attacker relied on the AI tool to manage a small-scale botnet, migrate command-and-control (C2) infrastructure, administer compromised systems, and perform multiple attack-related technical tasks using natural-language instructions.

The report states that the threat actor, identified as “bandcampro,” interacted with Gemini CLI in more than 200 AI sessions during May and June 2026. Analysis of the recovered logs indicates that the AI provided technical troubleshooting on at least 59 occasions and also suggested improvements to various operational tasks carried out by the attacker.

According to the researchers, the threat actor used Gemini CLI to operate a botnet controlling eight computers at a dental clinic and attempted to gain access to the OpenDental database. The report claims that the AI was instructed to assume the role of an “authorized penetration tester,” allowing it to respond without displaying standard safety warnings. The skill file used with the AI reportedly contained detailed instructions covering the command-and-control architecture, infection procedures, persistence techniques, troubleshooting steps, and day-to-day operational guidance.

The report further states that the attacker relied on Gemini CLI to migrate the botnet to a new C2 infrastructure. After receiving a single instruction—”Study the C2 migration”—the AI analyzed the migration guide and generated the required code, server configuration, VPS deployment plan, Cloudflare Tunnel setup, and initial debugging process. Researchers claim that the entire migration was completed in approximately six minutes.

FCRF Launches Certified AI-Powered SOC Analyst Program to Train the Next Generation of Cyber Defence Professionals

According to the report, when some infected systems initially failed to reconnect to the new server, the AI identified conflicting traffic between the old and new servers. Once the previous server was shut down, all compromised machines successfully reconnected to the new C2 infrastructure, restoring normal operations.

Investigators also found that the attacker managed the botnet almost entirely through natural-language prompts. The AI was asked to identify which systems were online, list files stored on compromised machines, and generate new infection links. The entire operational framework reportedly consisted of only three plain-text files totaling about 5 KB, including a Gemini jailbreak prompt, a command-and-control playbook, and a migration guide.

India’s Largest Cybercrime Conference Nears: FutureCrime Summit 2026 Set for 6–7 August at Bharat Mandapam

The report notes that the malware itself was relatively simple in design. It relied on an in-memory Python HTTP server and PowerShell agents, while persistence mechanisms included Scheduled Tasks, WMI Events, and Windows Registry modifications. Researchers emphasized that the malware lacked advanced obfuscation, packing, or sophisticated evasion techniques commonly found in more complex malware families.

The report also states that the attacker used AI to generate likely password combinations for WordPress accounts and analyze 1Password data dumps in search of exploitable credentials. However, Gemini CLI reportedly refused one request to create a self-propagating “agent bomb,” prompting the threat actor to shift focus to other activities instead.

Renowned cybercrime expert and former IPS officer Prof. Triveni Singh said the incident demonstrates that generative AI tools are no longer limited to improving productivity and software development. If misused, they can significantly enhance the speed, efficiency, and capabilities of cybercriminals. He emphasized that organizations developing AI-powered automation tools should implement stronger security controls, continuous monitoring, and robust safeguards to detect and prevent malicious misuse.

Stay Connected