Russian cybercriminal used jailbroken Gemini CLI to rebuild botnet infrastructure in six minutes A Russian-speaking threat actor known as 'bandcampro' used a jailbroken Gemini CLI, Google's open-source AI agent, to deploy and operate a command-and-control botnet that compromised eight computers at a dental clinic and accessed its OpenDental database, according to Trend Micro. The actor conducted over 200 sessions between March 19 and April 21, 2026, rebuilding botnet infrastructure in as little as six minutes. A Russian-speaking threat actor known as “bandcampro” used a jailbroken Gemini CLI, Google’s open-source terminal-based AI agent, to deploy and operate a small command-and-control C2 botnet, according to Trend Micro. Operational overview Source: Trend Micro In more than 200 sessions between March 19 and April 21, 2026, the threat actor worked with Gemini to deploy and operate infrastructure that controlled eight computers inside a dental clinic and gain access to the clinic’s OpenDental database. Posing … More https://www.helpnetsecurity.com/2026/07/16/jailbroken-google-gemini-cli-botnet/ The post Russian cybercriminal used jailbroken Gemini CLI to rebuild botnet infrastructure in six minutes https://www.helpnetsecurity.com/2026/07/16/jailbroken-google-gemini-cli-botnet/ appeared first on Help Net Security https://www.helpnetsecurity.com .