A Russian speaker and jailbroken Gemini went on a hacking spree and emptied at least one MAGA victim's crypto wallets
ID: 9ff1cc52-3cf3-567c-ae4c-613b6105776c
STIX ID: report--9ff1cc52-3cf3-567c-ae4c-613b6105776c
Feed Name: The Register (Security)
TrendAI attributes a Telegram-based fraud and credential-theft campaign (September 2025–May 2026) to a Russian-speaking actor using a jailbroken Google Gemini to automate content, brute-force WordPress admin credentials, run an interactive scam chatbot, and distribute a fake wallet installer (StellarMonSetup.exe) that contained a GoToResolve RAT. The actor stole API keys, compromised at least 29 WordPress admins, reached ~17,000 subscribers, and fully drained at least one victim's cryptocurrency wallets.
