Google Gemini CLI Abused by Hackers as AI Malware Botnet Operator
Jul 16, 2026
Google's open-source Gemini CLI has been abused by a Russian-speaking threat actor as an autonomous hacking assistant, demonstrating how generative AI can now actively support cybercriminal operations. Researchers observed the AI agent helping with malware development, botnet management, troubleshooting, and operational planning, highlighting the growing risks of AI-powered cybercrime.
At a Glance
Category | Details |
|---|---|
Threat Type | AI-assisted malware operations |
Target Tool | Google Gemini CLI |
Threat Actor | Russian-speaking actor tracked as bandcampro |
Impact | Malware development, botnet management, attack troubleshooting |
AI Usage | Code generation, debugging, reconnaissance, operational guidance |
Primary Risk | Increased efficiency and accessibility of cybercrime |
Status | Activity observed by researchers in July 2026 |
What Happened?
Security researchers discovered that a threat actor known as bandcampro used Google's open-source Gemini CLI as a real-time hacking assistant while operating a malware campaign.
Rather than simply generating code snippets, the AI was repeatedly prompted throughout the attack lifecycle. Researchers observed Gemini CLI assisting with malware development, resolving coding issues, improving persistence mechanisms, managing infected systems, and suggesting operational improvements.
According to the investigation, the AI agent responded to the attacker's prompts at least 59 times, effectively acting as an interactive cyber assistant instead of a traditional chatbot.
How Gemini CLI Was Used
The attacker leveraged Gemini CLI to streamline several stages of malicious operations, including:
Writing and modifying malware code
Debugging scripts and fixing programming errors
Assisting with botnet management
Providing command-line automation
Suggesting improvements to attack workflows
Supporting reconnaissance and operational planning
Instead of manually solving technical problems, the attacker relied on the AI tool for immediate assistance, significantly reducing the time needed to develop and maintain malicious infrastructure.
Why This Matters
The incident demonstrates a major shift in how cybercriminals can leverage AI.
Previously, attackers primarily used generative AI to create phishing emails or write malicious code. This campaign shows AI being integrated directly into day-to-day cybercriminal operations as an interactive assistant capable of troubleshooting and improving attacks in real time.
As AI coding assistants become increasingly powerful, they may lower the technical barrier for less experienced attackers while allowing skilled operators to execute campaigns more efficiently.
Security Implications
Organizations should expect AI-assisted attacks to become increasingly sophisticated.
Potential impacts include:
Faster malware development cycles
Improved evasion techniques
More resilient botnets
Automated troubleshooting during attacks
Increased attack scalability
Reduced skill requirements for cybercriminals
Security teams should also recognize that AI can accelerate nearly every phase of the cyber kill chain, from reconnaissance through post-compromise activities.
How Organizations Can Reduce Risk
Organizations should strengthen their defenses against increasingly automated threats by:
Continuously monitoring endpoints for unusual behavior
Detecting command-and-control communications early
Deploying advanced endpoint detection and response (EDR)
Blocking unauthorized scripting and automation tools
Conducting regular threat hunting
Strengthening employee phishing awareness
Applying security updates promptly
Monitoring AI-related risks within development environments
As AI-powered attacks evolve, combining technical controls with human awareness becomes increasingly important.
Key Takeaways
The abuse of Google Gemini CLI illustrates how AI assistants are evolving from productivity tools into force multipliers for cybercriminals. Rather than replacing attackers, AI is enhancing their efficiency by providing instant coding support, troubleshooting assistance, and operational recommendations.
While AI also strengthens defensive capabilities, this incident reinforces the need for organizations to prepare for a future where attackers routinely incorporate AI into malware development and cyber operations.






