Threat Actor Uses Stolen Gemini API Keys to Automate Telegram Influence Campaign
Cybersecurity NewsArchived Jun 02, 2026✓ Full text saved
A single threat actor has been running a fake political persona on Telegram for five years, quietly building an audience of over 17,000 subscribers while using stolen AI credentials to power the entire operation. What looks like an American patriot channel is actually a financially motivated fraud scheme run by a solo Russian-speaking operator. The […] The post Threat Actor Uses Stolen Gemini API Keys to Automate Telegram Influence Campaign appeared first on Cyber Security News .
Full text archived locally
✦ AI Summary· Claude Sonnet
HomeCyber Security News
Threat Actor Uses Stolen Gemini API Keys to Automate Telegram Influence Campaign
By Tushar Subhra Dutta
June 2, 2026
A single threat actor has been running a fake political persona on Telegram for five years, quietly building an audience of over 17,000 subscribers while using stolen AI credentials to power the entire operation.
What looks like an American patriot channel is actually a financially motivated fraud scheme run by a solo Russian-speaking operator. The goal was always money, and AI made scaling that goal nearly effortless.
The campaign, tracked under the handle “bandcampro,” began on February 6, 2021, one month after the Capitol riot, when QAnon and MAGA communities were being deplatformed and migrating to Telegram.
By positioning the fake channel, @americanpatriotus, as an authentic American conservative voice, the actor tapped into a ready-made audience already hungry for alternative platforms. The timing was clearly opportunistic.
Analysts at Trend Micro said in a report shared with Cyber Security News (CSN) that in May 2026, their TrendAI Research team discovered the threat actor’s operational environment had been inadvertently exposed, revealing the full scope of a five-year influence and fraud campaign.
The actor used AI-assisted techniques to run the Telegram channel, targeting politically engaged American audiences for cryptocurrency fraud alongside AI-assisted credential theft.
Starting in September 2025, the actor pivoted to fully AI-generated content, using a jailbroken version of Google Gemini as an operational co-worker.
He named his content pipeline “Quantum Patriot,” a set of Python scripts that called Gemini to roleplay as an American veteran patriot.
The “American Patriot” Telegram profile (Source – Trend Micro)
The AI generated Q-style posts, deployed servers, rotated stolen API keys, and managed Cloudflare tunnels, all from natural-language commands typed in Russian.
What made the operation alarming was its near-zero cost. The actor used 73 likely stolen Gemini API keys on a round-robin rotation, meaning he paid almost nothing for industrial-scale content generation.
The “Quantum Patriot” pipeline (Source – Trend Micro)
With 29 WordPress accounts cracked, one company infiltrated, and one victim’s cryptocurrency wallet fully drained, the operation showed that AI can scale a one-person fraud scheme to team-level output.
Threat Actor Uses Stolen Gemini API Keys
The actor’s use of stolen Gemini API keys was central to keeping the operation cost-free. During one documented 16-hour session, Gemini validated 40 likely stolen API keys and wrote a round-robin rotator that cycled through them automatically.
That rotator was later published to GitHub as a clean, open-source project, disguising its criminal purpose entirely.
Screenshot of the QFS 2.0 Terminal (Source – Trend Micro)
To bypass Gemini’s safety guardrails, the actor established himself to the AI as an “authorized pentester,” which Gemini accepted and saved into a persistent memory file called GEMINI.md.
Over subsequent sessions, he escalated by getting the AI to memorize it should execute requests without ethical refusals or warnings. Since Gemini CLI reloads this memory file at every session start, each new conversation automatically inherited those jailbreak instructions.
AI-Assisted Credential Theft and Fraud
Beyond running the channel, the actor used Gemini to assist with credential theft and a gamified chatbot designed to steal cryptocurrency.
On September 9, 2025, he posted an executable called StellarMonSetup.exe, framed as a self-custody wallet with a welcome bonus of up to 1,000 XLM.
The file was actually GoToResolve, a remote-administration tool that gave the actor persistent remote desktop access, command execution, and clipboard capture on victim machines.
The actor also deployed an AI-powered brute-forcing tool targeting WordPress sites. Using Gemini 2.5 Flash as a password-mutation oracle, the script generated 20 plausible password variants per target by modeling patterns such as swapping cases, appending years, and substituting symbols.
Collected data confirmed that 29 WordPress administrator accounts were cracked across weapons retailers, legal offices, medical practices, and small commercial sites.
(top) The fake wallet was forwarded from a channel impersonating Donald J. Trump, (bottom) The attached executable is in fact a remote-access Trojan (Source – Trend Micro)
Defenders should never install software or enter a seed phrase based on instructions from a social media channel, as legitimate platforms will never make such requests.
Enterprises should monitor for stolen API key reuse, anomalous CLI-driven infrastructure changes, and credential-stuffing patterns consistent with LLM-assisted password mutation.
AI vendors should treat cross-language guardrail parity and jailbreak-resistant memory as urgent priorities, since this campaign proves those gaps are already being actively exploited.
Indicators of Compromise (IoCs):-
Type Indicator Description
IP Address 213.165.51.115 GoToResolve infrastructure network connection
IP Address 34.34.57.141 GoToResolve infrastructure network connection
IP Address 34.34.81.129 GoToResolve infrastructure network connection
IP Address 35.192.41.201 GoToResolve infrastructure network connection
File Name StellarMonSetup.exe Fake Stellar wallet executable; contains GoToResolve RAT
File Name GEMINI.md Jailbreak memory file used to override Gemini AI safety guardrails
File Name CREDENTIALS.md File used to store stolen tokens and GCP service accounts
File Name DEPLOYED_TOOLS.md File cataloguing session output and deployed tooling
File Name C2_MIGRATION_GUIDE.md Gemini-followed guide for command-and-control server migration
Telegram Channel @americanpatriotus Primary influence operation distribution channel (~17,000 subscribers)
Telegram Bot @QFS_Terminal_Bot Gamified QAnon-styled chatbot used to engage and defraud subscribers
Note: IP addresses and domains are intentionally defanged (e.g., [.]) to prevent accidental resolution or hyperlinking. Re-fang only within controlled threat intelligence platforms such as MISP, VirusTotal, or your SIEM.
Follow us on Google News, LinkedIn, and X to Get More Instant Updates, Set CSN as a Preferred Source in Google.
Tags
cyber security
cyber security news
Copy URL
Linkedin
Twitter
ReddIt
Telegram
Tushar Subhra Dutta
Tushar is a senior cybersecurity and breach reporter. He specializes in covering cybersecurity news, trends, and emerging threats, data breaches, and malware attacks. With years of experience, he brings clarity and depth to complex security topics.
Trending News
New PureLogs Variant Uses MsBuild.exe Process Hollowing to Evade Detection
New 0-Click WhatsApp Account Takeover Attack Targeting iOS 16 Users
Motorola Phones Preinstalled App Found Hijacking Amazon App to Inject Affiliate Codes
Ransomware Uses SYSTEM Scheduled Task to Encrypt Local Drives With Elevated Privileges
New Zapocalypse Attack Chain Enables Full Zapier Account Takeover
Latest News
Cyber Security
Red Hat Confirms Supply Chain Compromise of @redhat-cloud-services npm Packages
Cyber Security News
Russia Says Foreign Spyware Found on High-Ranking Officials’ Mobile Phones
Press Release
Halo Security Honored with 2026 MSP Today Product of the Year Award
Cyber Security News
CISA Warns of Two-Year-Old Oracle WebLogic Server Vulnerability Exploited in Attacks
Cyber Security News
Critical KMW CCTV Vulnerability Let Attackers Gain Unauthorized Access to Camera Feeds