Stolen Gemini API Keys Fuel Automated Telegram Influence Campaign
ID: 2d401e78-3b75-5762-840e-d88390bd7b73
STIX ID: report--2d401e78-3b75-5762-840e-d88390bd7b73
Feed Name: GBHackers
## Executive summary

A Russian-speaking threat actor operating the Telegram channel “American Patriot” (≈17,000 subscribers) ran a multi-year fraud and influence campaign leveraging 73 stolen Google Gemini API keys and a jailbroken Gemini model to automate propaganda, credential theft, infrastructure management, and monetization. The actor deployed a trojanized cryptocurrency wallet (“StellarMonster”), combined infostealer logs with AI-generated password mutation to crack WordPress accounts across multiple sectors, compromised 29 WordPress admin accounts and one enterprise, and drained at least one crypto wallet, demonstrating how frontier AI and stolen credentials lower the barrier for complex cybercrime operations.
