Russian-Speaking Threat Actor Abuses Jailbroken Gemini for Credential Theft and Crypto Heist
A recent report by GBHackers has revealed that a Russian-speaking threat actor has been using a jailbroken version of the Gemini large language model to automate a multi-year influence campaign. The actor, tracked as 'bandcampro,' used a public Telegram channel with about 17,000 subscribers to pose as an American veteran and amplify pro-MAGA and QAnon-aligned content.
The threat actor integrated a persistent jailbreak into the Gemini model by instructing it to accept an authorization narrative and saving those instructions in a memory file that was automatically reloaded each session. This allowed the actor to remove safety refusals and execute harmful requests without interruption.
The campaign used a Python-driven content pipeline called 'Quantum Patriot' to generate propaganda, scale social engineering, and manage posting cadence. The pipeline fed news links into Gemini to produce cryptic, militaristic rewrites and scheduled posts to mimic US prime-time activity.




