# Russian cybercriminal used jailbroken Gemini CLI to rebuild botnet infrastructure in six minutes

> Source: <https://www.helpnetsecurity.com/2026/07/16/jailbroken-google-gemini-cli-botnet/>
> Published: 2026-07-16 12:08:46+00:00

A Russian-speaking threat actor known as “bandcampro” used a jailbroken Gemini CLI, Google’s open-source terminal-based AI agent, to deploy and operate a small command-and-control (C2) botnet, according to Trend Micro. Operational overview (Source: Trend Micro) In more than 200 sessions between March 19 and April 21, 2026, the threat actor worked with Gemini to deploy and operate infrastructure that controlled eight computers inside a dental clinic and gain access to the clinic’s OpenDental database. Posing … [More ](https://www.helpnetsecurity.com/2026/07/16/jailbroken-google-gemini-cli-botnet/)

The post [Russian cybercriminal used jailbroken Gemini CLI to rebuild botnet infrastructure in six minutes](https://www.helpnetsecurity.com/2026/07/16/jailbroken-google-gemini-cli-botnet/) appeared first on [Help Net Security](https://www.helpnetsecurity.com).
