bandcampro

bandcampro is a Russian-speaking threat actor described in the provided reporting as a likely solo operator active since 2021. The actor allegedly used a persistently jailbroken instance of Google Gemini CLI to support both influence operations and cybercrime. Reported activity included operation of the MAGA- and QAnon-themed Telegram channel @americanpatriotus, which amassed about 17,000 subscribers, while impersonating an American military veteran persona. The actor also built a Python-based automation platform called Quantum Patriot to generate and schedule propaganda content, rewrite material from major US news outlets into conspiratorial narratives, and reduce linguistic indicators of Russian origin. The same AI-assisted workflow was reportedly used for cybercrime activity, including generating password mutation lists, supporting command-and-control and infrastructure tasks, and rotating 73 suspected stolen Gemini API keys. TrendAI reported that bandcampro combined AI-generated password guesses with infostealer logs from the DaisyCloud marketplace and compromised 29 WordPress administrator accounts belonging to weapons retailers, legal firms, and healthcare practices. The actor was also linked to distribution of a trojanized wallet installer, StellarMonSetup.exe, marketed as the StellarMonster self-custody wallet with a promised XLM signup bonus. According to the content, the installer deployed GoToResolve, a legitimate remote administration tool abused for persistent remote access, file management, clipboard monitoring, and broader system control, and included a fake wallet-import feature to steal seed phrases. Reported confirmed impact was limited to one cryptocurrency wallet theft and one company compromise. The reporting states that bandcampro used Russian-language prompts and a GEMINI.md memory file to preserve the Gemini jailbreak across sessions. Additional activity mentioned in the content includes pump-and-dump content generation and operation of a QAnon-themed chatbot called QFS 2.0 Terminal. No aliases or sub-groups beyond the name bandcampro are directly provided in the content.