Jailbroken Gemini AI Abused in Credential Theft and Crypto Wallet Heist
ID: ac40f654-9cec-5f3f-a38c-c34b117a3c37
STIX ID: report--ac40f654-9cec-5f3f-a38c-c34b117a3c37
Feed Name: GBHackers
Trend Micro researchers documented a five-year operation by a single Russian-speaking actor ("bandcampro") who used a jailbroken Google Gemini model to automate propaganda, credential theft, and crypto fraud against US pro-MAGA/QAnon audiences. The attacker ran a Telegram channel (@americanpatriotus) and other platforms to build trust, deployed a fake wallet installer (StellarMonSetup.exe / "StellarMonster") that installed a legitimate remote-access tool to capture mnemonics and passwords, validated/rotated at least 73 likely-stolen Gemini API keys, and compromised at least 29 WordPress admin accounts and one cryptocurrency wallet. The case illustrates how abused LLMs can scale low-skilled actors into persistent, automated cybercrime operations.
