Jailbroken Gemini Used in WordPress Crypto Attack Campaign

AI-assisted actor hacks SMB WordPress admins and steals crypto using jailbroken Gemini

Jailbroken Gemini Powers WordPress Hacking and Crypto Theft

Jailbroken Gemini played a key role in a recent cybercrime campaign, helping a Russian-speaking hacker target WordPress admin accounts and steal cryptocurrency from unsuspecting victims. This attack highlights the growing risks for organisations using WordPress and the dangers posed by weaponised artificial intelligence.

Inside the Attack: How Jailbroken Gemini Enabled Cybercrime

Overview of the Campaign

Between September 2025 and May 2026, a Russian-speaking threat actor operating under the alias ‘bandcampro’ orchestrated a sophisticated fraud operation. He used a jailbroken Google Gemini large language model (LLM) to generate convincing content, automate phishing schemes, and perform password mutation attacks. The campaign mainly targeted US-based groups, but the techniques used are directly relevant to small and medium businesses relying on WordPress.

Key Tactics Used

  • Stolen API Keys: The attacker used 73 likely stolen Gemini API keys, which gave him free access to advanced AI tools.
  • AI-Generated Phishing: Gemini produced persuasive posts and messages for the Telegram channel, which grew to over 17,000 subscribers.
  • Malware Deployment: He posted a fake wallet tool, ‘StellarMonster’, which bundled the legitimate remote-access tool GoToResolve, used as a trojan to gain persistent access to victims’ devices.
  • Password Mutation Attacks: Using Gemini, the attacker modelled common password mutations to brute-force WordPress admin credentials.
  • Cryptocurrency Theft: Victims who entered their wallet seed phrases into the fake tool had their cryptocurrency stolen, with at least one wallet fully compromised.

Targeting WordPress Admins

The campaign successfully cracked 29 WordPress administrator accounts. These included websites belonging to weapons retailers, legal offices, medical practices, and small commercial businesses. This demonstrates that attackers are increasingly using AI to automate and scale credential attacks, especially against widely used platforms like WordPress.

Why Jailbroken Gemini and API Security Matter

Weaponising AI in Cybercrime

AI models like Gemini are now being manipulated by attackers to generate phishing content, automate password attacks, and simulate legitimate interactions. Jailbreaking AI removes built-in safety controls, making it possible for criminals to instruct the models to carry out harmful actions. Stolen API keys allow attackers to access these capabilities without paying or being traced.

Risks for WordPress Sites and SMBs

  • AI-powered password guessing makes brute-force attacks far more effective, especially when users rely on predictable password mutations.
  • Fake tools and phishing sites generated by AI increase the risk of users mistakenly handing over sensitive credentials, such as wallet seed phrases.
  • Remote access trojans embedded in legitimate-looking downloads give attackers persistent access to systems, which can lead to data theft and ransomware.
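What a ‘predictable mutation’ means from the defender’s side, as an added example (this is not code from the bulletin or from the reporting it summarises): the check below canonicalises the mutations a password-guessing tool enumerates (case changes, leetspeak, appended years, digits and symbols, prepended symbols) and rejects any candidate whose stem matches a previous or breached password. The KNOWN_BASES set and the sample passwords are constructed placeholders.

```python
import re
from typing import Optional

# Constructed placeholder set: in a real deployment this would hold the account's
# previous passwords plus breached and organisation-specific words.
KNOWN_BASES = {"Welcome", "summer", "ShopName", "password"}

# Leetspeak substitutions a guessing tool typically tries, mapped back to letters.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})


def canonical_base(password: str) -> str:
    """Reduce a password to the stem it was built from by undoing common mutations:
    case changes, appended digits/years/symbols, prepended symbols and leetspeak."""
    stem = password.lower()
    stem = re.sub(r"[^a-z]+$", "", stem)   # 'summer2024!!' -> 'summer'
    stem = re.sub(r"^[^a-z]+", "", stem)   # '!!summer'     -> 'summer'
    return stem.translate(LEET)            # 'p@ssw0rd'     -> 'password'


def password_problem(password: str, known_bases=KNOWN_BASES) -> Optional[str]:
    """Return the reason a candidate password should be rejected, or None if it passes."""
    if len(password) < 12:
        return "too short"
    stem = canonical_base(password)
    if not stem:
        return "no alphabetic stem"
    # Compare stems, so 'Summ3r2024!!' is caught if 'summer' was ever used.
    if stem in {canonical_base(k) for k in known_bases}:
        return f"predictable mutation of known base '{stem}'"
    if len(stem) < 6:
        return "short stem padded with digits or symbols"
    return None


if __name__ == "__main__":
    for candidate in ("Summ3r2024!!", "P@ssw0rd2025", "correct-horse-battery-staple"):
        print(candidate, "->", password_problem(candidate) or "accepted")
```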

Impact Beyond Political Targets

While the campaign focused on specific US communities, the techniques are relevant to any organisation. Small businesses, charities, and professional practices using WordPress are particularly vulnerable to these scalable AI-driven attacks.

Defending Against AI-Powered WordPress Attacks

Strengthening WordPress Security

  • Enforce Strong Passwords: Require complex passwords and encourage staff to use unique phrases rather than predictable mutations.
  • Enable Multi-Factor Authentication (MFA): Add MFA to all admin accounts to block access even if passwords are compromised.
  • Keep WordPress Updated: Regularly update WordPress core, plugins, and themes to patch known vulnerabilities.
  • Monitor for Suspicious Activity: Use security plugins to detect brute-force attempts, unusual logins, and malware uploads.
  • Educate Users: Train staff to recognise phishing attempts, especially those involving fake tools or requests for wallet seed phrases.

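For the ‘monitor for suspicious activity’ point above, here is an added example (not the bulletin’s code, nor that of any WordPress security plugin) that scans Apache-style access-log lines for bursts of failed admin logins from one source. It relies on WordPress answering a failed login with a 200 that re-renders the form and a successful one with a 302 redirect; the IP addresses and timestamps are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict

# Constructed Apache combined-format lines (documentation-range IPs, made-up times):
# six rapid POSTs from one source, a normal browse plus a successful login from
# another, and a single failed attempt from a third.
SAMPLE_LOG = "\n".join(
    [f'203.0.113.7 - - [21/May/2026:10:00:{s:02d} +0000] "POST /wp-login.php HTTP/1.1" '
     f'200 3421 "-" "python-requests/2.31"' for s in range(0, 12, 2)]
    + ['198.51.100.9 - - [21/May/2026:10:05:00 +0000] "GET /about/ HTTP/1.1" 200 8812 "-" "Mozilla/5.0"',
       '198.51.100.9 - - [21/May/2026:10:05:10 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
       '192.0.2.33 - - [21/May/2026:10:06:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3421 "-" "Mozilla/5.0"']
)

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def parse(log_text: str):
    """Yield (ip, timestamp, method, path, status) for each well-formed line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
            yield m["ip"], ts, m["method"], m["path"], int(m["status"])


def find_login_bursts(log_text: str, threshold: int = 5,
                      window: timedelta = timedelta(minutes=5)) -> Dict[str, int]:
    """Return {ip: total failed attempts} for every source that made at least
    `threshold` failed wp-login.php POSTs (status 200) inside any `window`."""
    attempts = defaultdict(list)
    for ip, ts, method, path, status in parse(log_text):
        if method == "POST" and path.split("?")[0] == "/wp-login.php" and status == 200:
            attempts[ip].append(ts)
    flagged = {}
    for ip, times in attempts.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):          # sliding window over sorted timestamps
            while t - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged[ip] = len(times)
                break
    return flagged


if __name__ == "__main__":
    for ip, n in find_login_bursts(SAMPLE_LOG).items():
        print(f"{ip}: {n} failed admin logins within the window")
```

A real deployment would feed the same function from the web server's live log or from a plugin's own login-failure records, and pair the alert with rate limiting and MFA on the admin accounts.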
Protecting Against API Key Abuse

  • Secure API Keys: Store API keys securely and restrict access to only those who need them.
  • Monitor API Usage: Set up alerts for unusual activity or unauthorised use of API keys.
  • Rotate Keys Regularly: Change API keys periodically to limit the impact of any theft.

Planning for AI-Driven Threats

  • Review your cybersecurity posture with AI threats in mind. Consider how attackers might use AI to target your systems.
  • Invest in advanced threat detection tools that can identify unusual patterns generated by automated attacks.
  • Collaborate with cybersecurity experts to assess your risk and develop tailored mitigation strategies.

Key Takeaways for Organisations Using WordPress

Cybercriminals are rapidly adopting AI tools like jailbroken Gemini to scale their attacks. WordPress sites are particularly appealing targets due to their widespread use and common security weaknesses. Organisations must take proactive steps to secure admin accounts, educate staff, and monitor for emerging threats.

  • AI-powered credential attacks are becoming more common and effective.
  • Stolen API keys can turn legitimate AI models into dangerous tools for attackers.
  • Small businesses and professionals using WordPress should prioritise password security, MFA, and regular updates.
  • Phishing and malware campaigns are increasingly automated, making vigilance and user education essential.

By understanding these threats and implementing robust defences, organisations can reduce their exposure and protect their assets from AI-driven cybercrime.

Originally reported by theregister.com.


About the Author


Jonny Pelter

Partner

  • CIPM
  • CIPP/E
  • CISSP
  • CISM
  • CRISC
  • ISO27001
  • Prince2
  • MSc
  • BSc


Jonny is a Founding Partner at CyPro and executive group level CISO who has worked closely with the British intelligence agencies NCSC and GCHQ.

An ex-professional rugby player and originating from KPMG and Deloitte, Jonny has a wealth of experience across numerous sectors including technology, critical national infrastructure, financial services, oil & gas, insurance, betting, pharmaceuticals and utilities.

Jonny is a leading cyber security expert in the UK, having featured on national media for his professional commentary such as BBC News, iPlayer, Telegraph and Times Radio.

Published: May 22 - 2026