2026-07-14 · view entry permalink →
A lone actor used a jailbroken Gemini CLI to autonomously rebuild and redeploy C2 infrastructure in six minutes ("Patriot Bait")
Trend Micro's TrendAI Research analysed more than 200 Gemini CLI session logs (19 March–21 April 2026) belonging to a solo Russian-speaking operator with the handle "bandcampro," who runs the multi-year "Patriot Bait" Telegram influence-and-fraud campaign. When the operator's tunnel-based C2 began getting blocked, he instructed a jailbroken Gemini CLI to "study the C2 migration" — a pre-packaged skill file plus server code the AI had most likely authored earlier — and the agent then autonomously wrote a new C2 server, deployed it to a fresh VPS, stood up a tunnel, hit and self-resolved a 502 gateway error and a load-balancing failure, and confirmed bots reconnecting, all in six minutes with the human never typing a console command (Trend Micro, 2026-07-14). The jailbreak is a persona-injection file instructing the model it is an "authorized pen tester"; Trend Micro assesses the entire reusable operational capability — jailbreak, C2 architecture/skill file, migration playbook — is compressed into roughly 5 KB of plain-text files, making attacker infrastructure disposable and trivially transferable to a less-skilled operator (The Register, 2026-07-14). Gemini refused at least one escalation (an auto-propagating "agent bomb"). One observed victim set was eight machines at a dental clinic, including access to its OpenDental database.
The actor provided strategic direction and functioned as a product manager, while the AI was his entire engineering team
The entire C&C operation (server code, deployment knowledge, Cloudflare configuration) is encoded in three plain-text files
A jailbroken Google Gemini did 90 percent of the work in a credential- and cryptocurrency-stealing spree, including spinning up a new command-and-control (C2) server in just six minutes