Russian cybercriminal used jailbroken Gemini CLI to rebuild botnet infrastructure in six minutes
Overview
A Russian cybercriminal known as 'bandcampro' has exploited a jailbroken version of Google's Gemini CLI, an open-source AI tool, to quickly set up and manage a botnet. Between March 19 and April 21, 2026, this individual conducted over 200 sessions to control eight computers within a dental clinic, gaining unauthorized access to the clinic's OpenDental database. This incident raises significant concerns for healthcare providers, as it highlights how easily cybercriminals can manipulate advanced tools to target sensitive information. The breach not only compromises patient data but also disrupts the operations of healthcare facilities. The effectiveness of such attacks underscores the need for stronger cybersecurity measures in the healthcare sector.
Key Takeaways
- Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
- Affected Systems: OpenDental database, computers in a dental clinic
- Action Required: Healthcare facilities should implement stronger access controls, regularly update their software, and monitor network activity for unusual behavior.
- Timeline: Ongoing since March 19, 2026
Original Article Summary
A Russian-speaking threat actor known as “bandcampro” used a jailbroken Gemini CLI, Google’s open-source terminal-based AI agent, to deploy and operate a small command-and-control (C2) botnet, according to TrendAI. Operational overview (Source: TrendAI) In more than 200 sessions between March 19 and April 21, 2026, the threat actor worked with Gemini to deploy and operate infrastructure that controlled eight computers inside a dental clinic and gain access to the clinic’s OpenDental database. Posing as an … More → The post Russian cybercriminal used jailbroken Gemini CLI to rebuild botnet infrastructure in six minutes appeared first on Help Net Security.
Impact
OpenDental database, computers in a dental clinic
Exploitation Status
This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.
Timeline
Ongoing since March 19, 2026
Remediation
Healthcare facilities should implement stronger access controls, regularly update their software, and monitor network activity for unusual behavior.
Additional Information
This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.
Related Topics: This incident relates to Google, Data Breach, Botnet.