AI/ML

Russian hacker uses Google’s AI tool to operate botnet

As reported by Bleeping Computer, a Russian-speaking threat actor identified as "bandcampro" has been leveraging Google's open-source Gemini CLI AI tool to function as a hacking agent and manage a small-scale botnet. The AI demonstrated remarkable adaptability, responding to the attacker's prompts, troubleshooting issues in real-time, and even suggesting operational enhancements on at least 59 occasions, according to Trend Micro.

Between May 19 and April 21, the threat actor engaged in over 200 sessions with the AI tool to deploy and manage an infrastructure controlling eight systems within a dental clinic, gaining access to the OpenDental database. The AI agent operated under the guise of an "authorized pen tester," bypassing safety disclaimers and automatically saving credentials. Its capabilities included a command-and-control (C2) playbook detailing architecture, operations, infection code, persistence commands, and troubleshooting.

Trend Micro researchers observed the AI facilitating a rapid C2 infrastructure migration in just six minutes, handling architecture, coding, VPS deployment, and debugging. The botnet itself was lightweight, with all components and instructions contained in approximately 5 KB of plain-text files. Beyond botnet management, the actor reportedly used AI for password guessing and analyzing password dumps. While the AI refused one request to build a self-spreading "agent-bomb," the actor continued with other tasks.

Source: Bleeping Computer

An In-Depth Guide to AI

Get essential knowledge and practical strategies to use AI to better your security program.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds