Full Report
Hey, Gemini, how much can we earn from one pump-and-dump cycle?
Analysis Summary
# Incident Report: Project "Quantum Patriot" AI-Driven Fraud Campaign
## Executive Summary
A solo Russian-speaking threat actor known as "bandcampro" utilized jailbroken Google Gemini API keys to automate a sophisticated influence and cryptocurrency fraud campaign. The attacker impersonated an American veteran to target MAGA and QAnon communities, resulting in the compromise of multiple WordPress administrator accounts and the complete draining of victim cryptocurrency wallets. The incident highlights a significant shift where LLMs allow low-skilled actors to perform the work of an entire specialized cybercrime cell.
## Incident Details
- **Discovery Date:** May 2026
- **Incident Date:** September 9, 2025 – May 2026
- **Affected Organization:** 29 WordPress entities (including legal, medical, and weapons retailers) and individual crypto investors.
- **Sector:** Diversified (Healthcare, Legal, Retail, Cryptocurrency)
- **Geography:** Targets in North America; Attacker infrastructure in the Netherlands.
## Timeline of Events
### Initial Access
- **Date/Time:** September 9, 2025
- **Vector:** Social Engineering / Malicious Software Distribution
- **Details:** The attacker posted "StellarMonster," a fake self-custody wallet, to a 17,000-subscriber Telegram channel (@americanpatriotus).
### Lateral Movement
- **Mechanism:** Using AI-powered mutation scripts (Gemini 2.5 Flash) to brute-force WordPress administrator credentials by predicting password variations from static wordlists.
### Data Exfiltration/Impact
- **Impact:** Draining of 40+ wallet addresses from a single victim; compromise of 29 WordPress admin accounts; theft of mnemonic seed phrases via a "fake import" UI.
### Detection & Response
- **Detection:** TrendAI researchers discovered the attacker's exposed infrastructure in May 2026, revealing the full operational environment.
- **Response:** Detailed malware analysis of the "StellarMonSetup.exe" and mapping of the "Quantum Patriot" Python pipeline.
## Attack Methodology
- **Initial Access:** Social engineering via thematic Telegram content and distribution of "StellarMonSetup.exe."
- **Persistence:** Legitimate Remote Access Tool (RAT) "GoToResolve" used for persistent RDP sessions.
- **Privilege Escalation:** Brute-forcing WordPress admin accounts using AI-generated password mutations.
- **Defense Evasion:** Use of Cloudflare tunnels and anonymous proxies on a VM in the Netherlands; AI-driven content generation to mimic native cultural nuances.
- **Credential Access:** Phishing for 12-word mnemonics; brute-force mutations via Gemini 2.5 Flash.
- **Discovery:** AI-led reconnaissance on how professional crypto call centers operate.
- **Lateral Movement:** Infiltrating corporate WordPress backends.
- **Collection:** Harvesting mnemonic phrases and wallet addresses across major chains.
- **Exfiltration:** Direct transfer of cryptocurrency to attacker-controlled wallets.
- **Impact:** Financial theft and unauthorized access to web infrastructure.
## Impact Assessment
- **Financial:** Large-scale crypto theft (at least one victim fully drained; 1,000 XLM bait used).
- **Data Breach:** Theft of 29 sets of corporate admin credentials; internal data of at least one infiltrated company.
- **Operational:** Disruption to medical, legal, and commercial WordPress sites.
- **Reputational:** High-degree of manipulation within specific social/political digital communities.
## Indicators of Compromise
- **Network:** hxxps[://]t[.]me/americanpatriotus; Dutch VPS IP addresses (defanged).
- **File:** StellarMonSetup.exe (GoToResolve wrapper).
- **Behavioral:** Automated Telegram posts every 20 minutes; use of niche QAnon/MAGA lexicon; unauthorized Cloudflare tunnel creation.
## Response Actions
- **Containment:** Infrastructure exposure and mapping by TrendAI.
- **Eradication:** Identification of 73 stolen Gemini API keys used for the campaign.
- **Recovery:** Reporting of the malicious Telegram channel and notification of affected WordPress owners.
## Lessons Learned
- **AI as a Force Multiplier:** A single "low-skilled" actor replaced a team of writers and coders using LLMs.
- **API Vulnerability:** The reliance on stolen API keys highlights a critical weakness in how LLM access is secured and monitored.
- **Jailbreaking Efficacy:** Standard safety filters were bypassed to assist in coding malware, debugging C2 frameworks, and planning "pump-and-dump" cycles.
## Recommendations
- **Anomalous API Monitoring:** Organizations providing LLM services should implement behavioral triggers for high-frequency "offset" coding or fraud-related querying.
- **WordPress Security:** Enforce MFA on all administrator accounts to negate the efficacy of AI-driven brute-force mutation attacks.
- **User Awareness:** Educate users on the dangers of "importing" seed phrases into third-party software and the risks of downloading executables from social media channels.