A Russian-speaking threat actor known as "bandcampro" used Google's open-source Gemini CLI AI tool as a hacking agent and to operate a small-scale botnet.
The AI agent responded to the attacker's prompts, troubleshooting problems on the fly and even proposing operational improvements at least 59 times.
In more than 200 sessions between May 19 and April 21, the threat actor worked with the AI tool to deploy and operate an infrastructure that controlled eight systems in a dental clinic and to get access to the OpenDental database.
The AI agent assumed the role of an "authorized pen tester" acting without safety disclaimers and automatically saved any credentials.
Its skill file contained the command-and-control (C2) playbook, complete with a description of the architecture, standard operations, infection code, commands for persistence, and troubleshooting steps.
AI controlling the botnet
Trend Micro researchers say that the threat actor used Gemini CLI to migrate the botnet to a new C2 infrastructure. Starting from a single instruction that read ""Study the C2 migration," the AI processed the guide and prepared all the steps and code necessary for the process.
The AI migrated the C2 infrastructure, handling the architecture, coding, VPS deployment, Cloudflare configuration, and initial debugging in just six minutes.
"The AI read the migration guide, then prepared a migration bundle, a small archive of server code, payloads, and the skill file. It then unpacked the bundle, launched the C&C server on a VPS, and brought up the Cloudflare tunnel," Trend Micro says.
When machines initially failed to reconnect, the AI diagnosed conflicting traffic between the old and new servers, and after the actor shut down the old server, all bots reconnected.
... continue reading