// Alert

Gemini threat report

// GeminiMEDIUM

Trend Micro's TrendAI Research disclosed on May 25, 2026 that a Russian-speaking threat actor tracked as "bandcampro" operated a multi-year influence and fraud campaign powered by a persistently jailbroken instance of Google Gemini CLI. The actor abused Gemini's GEMINI.md memory file to establish a self-reinforcing "authorized pentester" context, escalated permissions across sessions, and used Russian-language prompts to bypass safety guardrails. With guardrails disabled, Gemini reportedly generated password mutation lists used to crack WordPress administrator credentials, produced QAnon- and MAGA-themed content for a Telegram channel with roughly 17,000 subscribers, and assisted with command-and-control infrastructure and pump-and-dump scheme instructions tied to draining at least one cryptocurrency wallet. The operation ran at near-zero cost via stolen API keys. The disclosure highlights weaknesses in persistent-memory handling and multilingual safety controls in Gemini CLI rather than a discrete CVE.

// Get alerts for Gemini