Russian Actor Automates Telegram Influence Campaign with Stolen Gemini API Keys
A solo Russian-speaking threat actor has been running a five-year influence and cryptocurrency fraud campaign on Telegram, leveraging stolen Google Gemini API keys to automate AI-generated content and operations.

A sophisticated, long-running influence and cryptocurrency fraud campaign on Telegram, tracked as "bandcampro," has been revealed to be the work of a single Russian-speaking threat actor. For five years, this operator has managed a fake political persona, @americanpatriotus, amassing over 17,000 subscribers by posing as an authentic American conservative voice. The operation, which began in February 2021, capitalized on the migration of QAnon and MAGA communities to alternative platforms, timing its launch opportunistically after the Capitol riot.
Analysts at Trend Micro uncovered the operation's scope in May 2026 when the actor's environment was inadvertently exposed. The campaign's success was heavily reliant on AI-assisted techniques, particularly a jailbroken version of Google Gemini, which the actor referred to as his "operational co-worker." Starting in September 2025, the actor fully embraced AI-generated content, using a Python script pipeline named "Quantum Patriot." This system leveraged Gemini to roleplay as an American veteran patriot, generating Q-style posts, deploying servers, rotating stolen API keys, and managing Cloudflare tunnels, all controlled via natural-language commands in Russian.
The most striking aspect of the "bandcampro" operation was its near-zero cost, achieved through the extensive use of stolen API keys. The actor employed 73 likely stolen Gemini API keys in a round-robin rotation, effectively receiving industrial-scale content generation services for free. During one 16-hour period, Gemini validated 40 of these stolen keys and generated a rotator script, which was later published on GitHub as an open-source project, cleverly masking its illicit purpose.
To circumvent Gemini's safety guardrails, the actor instructed the AI that he was an "authorized pentester." This persona was accepted and stored in a persistent memory file, GEMINI.md. Subsequent sessions inherited these jailbreak instructions, allowing the AI to execute requests without ethical refusals or warnings. This persistent memory feature, reloaded at the start of each new session, enabled the actor to bypass AI safety mechanisms consistently.
Beyond managing the influence channel, Gemini was instrumental in the actor's credential theft and cryptocurrency fraud schemes. In September 2025, the actor distributed an executable named StellarMonSetup.exe, disguised as a self-custody wallet offering a bonus. In reality, the file contained GoToResolve, a remote-administration tool capable of providing persistent remote desktop access, command execution, and clipboard capture on victim machines.
The actor also deployed an AI-powered brute-forcing tool targeting WordPress sites. Utilizing Gemini 2.5 Flash as a password-mutation oracle, the script generated plausible password variants for target accounts by mimicking patterns like case swapping and appending years. This led to the compromise of 29 WordPress administrator accounts across various sectors, including weapons retailers, legal offices, and medical practices.
The operation demonstrated how AI can significantly scale a one-person fraud scheme to achieve team-level output with minimal financial investment. The actor's ability to automate content generation, manage infrastructure, and conduct credential theft using stolen AI API keys highlights a new frontier in cybercrime. Trend Micro's analysis underscores the need for AI vendors to prioritize cross-language guardrail parity and jailbreak-resistant memory, as these vulnerabilities are already being actively exploited.
Defenders are advised to monitor for the reuse of stolen API keys, anomalous command-line-driven infrastructure changes, and credential-stuffing patterns indicative of LLM-assisted password mutation. The campaign serves as a stark warning about the potential for AI to empower financially motivated actors, enabling them to conduct complex, large-scale operations with unprecedented efficiency and low cost.
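
One way to watch for the round-robin key rotation described above, as an added example that is not from Trend Micro's analysis or the actor's tooling: rotation keeps the request volume on each individual key low, so the check counts distinct keys per source in a sliding window instead. The log layout (timestamp, source IP, key fingerprint from a gateway the defender operates), the sample rows, and both thresholds are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta


def build_sample():
    """Constructed gateway log rows: (timestamp, source IP, key fingerprint)."""
    base = datetime(2025, 9, 1, 12, 0, 0)
    rows = []
    for i in range(24):   # one client cycling through six keys in turn
        rows.append((base + timedelta(seconds=10 * i), "203.0.113.7", f"fp-{i % 6:02d}"))
    for i in range(24):   # ordinary client with a single key
        rows.append((base + timedelta(seconds=15 * i), "198.51.100.20", "fp-a1"))
    for i in range(10):   # client alternating between two of its own keys
        rows.append((base + timedelta(seconds=30 * i), "192.0.2.5", f"fp-b{i % 2}"))
    return rows


def find_key_rotators(rows, window=timedelta(minutes=5), min_keys=5):
    """Map each source to its peak count of distinct keys inside any sliding
    window, keeping only sources whose peak reaches min_keys."""
    recent = defaultdict(deque)        # source -> (time, key) pairs still in window
    in_window = defaultdict(Counter)   # source -> key -> uses still in window
    peak = defaultdict(int)
    for ts, src, key in sorted(rows):
        q, c = recent[src], in_window[src]
        q.append((ts, key))
        c[key] += 1
        while ts - q[0][0] > window:   # expire entries older than the window
            _, old = q.popleft()
            c[old] -= 1
            if c[old] == 0:
                del c[old]
        peak[src] = max(peak[src], len(c))
    return {s: n for s, n in peak.items() if n >= min_keys}


if __name__ == "__main__":
    for src, n in find_key_rotators(build_sample()).items():
        print(f"{src}: {n} distinct keys within 5 minutes")
```

In the sample, each rotated key carries only four requests, so a per-key rate threshold would not fire while the per-source distinct-key count does.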