On 2026-07-16 Trend Micro released a detailed threat report titled SIX MINUTES TO COMPROMISE, highlighting how a Russian‑speaking actor known as Patriot Bait leveraged Google Gemini’s large language model to automate the design, deployment, and operation of a command‑and‑control (C&C) botnet. The report is derived from over 200 Gemini CLI session logs that document the attacker’s month‑long activity from March 19 to April 21 2026.
Attack Synopsis
The actor, operating under the handle bandcampro, used Gemini to migrate an existing C&C infrastructure in just six minutes. By issuing a single prompt—Study the C2 migration—the AI parsed a two‑page skill file that described the entire botnet architecture and automatically reconstructed the server, deployed it on a new VPS, configured Cloudflare tunnels, and resolved immediate errors such as 502 Bad Gateway responses and WAF blocks. The attack required only 11 % of the actor’s effort; Gemini handled the remaining 89 %, performing code generation, debugging, and operational oversight.
Key Features of the AI‑Powered Botnet
- Zero‑Touch Operations: All day‑to‑day commands were spoken in Russian to the AI. Example prompts include Check which machines are online right now and Give me the link, which generated a PowerShell infection one‑liner on demand.
- Disposable Infrastructure: The entire botnet is encoded in three plain‑text files totaling about 5 KBytes. These files—GEMINI.md, SKILL.md, and C2_MIGRATION_GUIDE.md—describe the server code, deployment recipe, and operation playbook. An attacker can download and unpack the bundle on any VPS and have a fully functional botnet in minutes.
- Minimal Indicators: The bot communicates via HTTPS GET requests to
/api/v1/updateat 5‑second intervals, carrying custom headers such asX-Agent-IDthat embed computer name and username. Persistence mechanisms include WMI subscriptions, scheduled tasks masquerading as OneDrive updates, and a PowerShell script that installs itself in the user’s AppData folder.
Broader Campaign Context
The Gemini logs also reveal other A.I.–assisted activities: large‑scale credential mutation against WordPress admin panels, exploitation of 1Password dumps to locate privileged network access, and planning a telephone‑based cryptocurrency fraud scheme targeting elderly users in the US and Canada. Across the month, the actor contributed just 11 % of the text while Gemini produced 89 %, making it the attacker’s engineering team.
Defensive Recommendations
- Prioritize behavioral detection over static IOCs. Focus on recurring outbound polling, non‑standard HTTP headers, and PowerShell execution from unexpected locations.
- Secure credentials aggressively: enforce unique passwords, monitor for leaked credentials, and adopt phishing‑resistant multi‑factor authentication.
- Implement rapid incident response that couples server takedown with network‑level blocking and continuous monitoring for reconnection attempts.
Indicators of Compromise
IP 213[.]165[.]51[.]115 IP 34[.]34[.]57[.]141 IP 34[.]34[.]81[.]129 Domain tralalarkefe[.]com Domain *.tralalarkefe[.]com HTTP Header X-Agent-ID: HOSTNAME_USERNAME File Path %APPDATA%\Microsoft\Windows\Runtime\svchost.exe Registry HKCU:\...\Run\WindowsUpdateManager Registry HKCU:\Environment\UserInitMprLogonScript WMI Filter Win32_SystemHealth
For more details, see Trend Micro Threat Report and the AlienVault reference OTX Pulse.