• 2 min read
Gemini CLI helped run a botnet in Trend Micro report
Trend Micro says a threat actor used Google’s Gemini CLI to manage an eight-system botnet and troubleshoot a C2 migration in six minutes.

Image: BleepingComputer
A Russian-speaking threat actor tracked as “bandcampro” used Google’s open-source Gemini CLI as a hands-on hacking assistant and botnet operator, according to Trend Micro. In more than 200 sessions between May 19 and April 21, the actor used the tool at least 59 times to troubleshoot problems, suggest operational changes, and help run an infrastructure that controlled eight systems in a dental clinic while seeking access to the OpenDental database.
Trend Micro says the attacker configured the agent to behave like an “authorized pen tester”, with safety disclaimers removed and credentials automatically saved. Its associated skill file reportedly included a full command-and-control playbook covering the botnet architecture, infection code, persistence commands, standard operating steps, and troubleshooting guidance.
How Gemini CLI handled the C2 migration
The clearest example came during a move to new C2 infrastructure. Starting with a single instruction — “Study the C2 migration” — the agent read the migration guide, generated the required code and steps, then handled architecture, coding, VPS deployment, Cloudflare configuration, and initial debugging in six minutes, Trend Micro says.
“The AI read the migration guide, then prepared a migration bundle, a small archive of server code, payloads, and the skill file. It then unpacked the bundle, launched the C&C server on a VPS, and brought up the Cloudflare tunnel,”
When infected machines did not immediately reconnect, the agent diagnosed conflicting traffic between the old and new servers. After the old server was shut down, all bots reconnected, according to the researchers.
Daily logs cited by Trend Micro show the actor managing the botnet through natural-language requests such as checking which machines were online, listing files on specific systems, and generating infection links.

Recommended reading
Mira Murati’s lab unveils Inkling, a 975B open model
Small toolkit, limited malware sophistication
Trend Micro describes the operation as technically lightweight. The entire setup reportedly fit into three plain-text files totaling roughly 5 KB:
- a Gemini jailbreak prompt
- a C2 playbook for infection, persistence, and troubleshooting
- a migration guide for rebuilding the infrastructure
The C2 relied on an in-memory Python HTTP server and PowerShell agents that polled it every five seconds. Persistence used scheduled tasks, WMI events, and registry modifications, depending on available privileges.
Even so, the malware itself was “rather unsophisticated,” Trend Micro says, lacking obfuscation, packing, or evasion mechanisms. The researchers also say the actor used the tool for password guessing on WordPress portals and to analyze 1Password dumps for possible avenues of exploitation. In one logged case, Gemini refused a request to build a self-spreading “agent-bomb,” but the actor simply moved on to other tasks.
BleepingComputer said it contacted Google for comment and had not received a response by publication.
AI Editor
Ava covers the rapidly evolving world of artificial intelligence, from foundational models and research labs to the real-world economics of intelligence. With a background in computational linguistics, she cuts through the hype to find out what actually works. She firmly believes that benchmarks are just marketing until reproduced in the wild.
via BleepingComputer


