Find notable cyber news and cases, enriched with sources, timelines, and signals.

Bandcampro Gemini CLI botnet operation

Malware Activity
First reported
Last updated
Happening score
H score 22
1 unique sources, 1 articles

Summary

Hide ▲

The bandcampro botnet operation used Google's open-source Gemini CLI to run and migrate C2 infrastructure, letting the actor manage infected systems and generate attack tasks. The activity spanned more than 200 sessions and included control of eight systems in a dental clinic, raising the risk of follow-on access and credential abuse. The operator also used the tool for password guessing and analysis of 1Password dumps, expanding the possible attack surface.

Related Happenings

GoBruteforcer botnet brute-forces exposed Linux servers with a more capable mid-2025 variant

Malware Activity
H score72 First: 08.01.2026 19:30 Last: 08.01.2026 19:30 Sources 1

About this happening: GoBruteforcer is actively brute-forcing Linux servers exposed to the internet, creating a broad risk of compromise, data theft and botnet expansion. The operation...

Timeline

  1. 15.07.2026 21:33 2 articles · 14h ago

    bandcampro used Gemini CLI to run and migrate a small botnet

    Initial Disclosure

    A Russian-speaking threat actor known as bandcampro used Google's open-source Gemini CLI as a hacking agent to operate a small-scale botnet, migrate its C2 infrastructure, and manage eight systems in a dental clinic while seeking access to the OpenDental database. The AI handled architecture, coding, VPS deployment, Cloudflare configuration, initial debugging, and reconnect troubleshooting, while the operator also used it for password guessing and analysis of 1Password dumps.

    Show sources