Google Gemini CLI abused as a hacking agent, malware botnet operator
Summary
A Russian-speaking attacker named 'bandcampro' exploited Google's open-source Gemini CLI (a command-line interface for Google's AI model) to operate a botnet, which is a network of compromised computers controlled remotely. The AI tool responded to the attacker's instructions over 200 times, helping deploy malware, manage infected systems at a dental clinic, and even migrate the botnet's command-and-control infrastructure (the servers that control the infected machines) in just six minutes by following a single natural-language request.
Classification
Affected Vendors
Related Issues
Original source: https://www.bleepingcomputer.com/news/security/google-gemini-cli-abused-as-a-hacking-agent-malware-botnet-operator/
First tracked: July 15, 2026 at 08:01 PM
Classified by LLM (prompt v3) · confidence: 92%