Stolen Gemini API Keys Helped Solo Actor Run Telegram Influence And Fraud Campaign
9 min. read 
Published on
A solo Russian-speaking threat actor used stolen Gemini API keys and AI automation to run a long-running Telegram influence and fraud operation aimed at politically engaged American users.
Trend Micro tracks the campaign as “Patriot Bait” and the actor as bandcampro. The company said the operation ran through the @americanpatriotus Telegram channel, which had about 17,000 subscribers, and later used AI to automate content creation, credential theft, infrastructure work, and cryptocurrency fraud.
Access content across the globe at the highest speed rate.
70% of our readers choose Private Internet Access
70% of our readers choose ExpressVPN
Browse the web from multiple devices with industry-standard security protocols.
Faster dedicated servers for specific actions (currently at summer discounts)
The campaign was detailed in a Trend Micro report, which said the actor’s operational environment was exposed in May 2026. Researchers found that the channel used American political and QAnon-style themes to build trust, but the main goal appeared to be financial fraud rather than political influence.
How The Patriot Bait Campaign Worked
The Telegram channel was created on February 6, 2021, about one month after the Capitol riot. Trend Micro said the timing was likely opportunistic because many QAnon and MAGA communities were moving to Telegram after being removed from larger social platforms.
For years, the channel mixed political messaging, forwarded news links, and cryptocurrency narratives. In September 2025, the actor moved toward AI-assisted content and later built a more automated pipeline around Google Gemini.
A TechRadar report also described the operation as a five-year Telegram campaign that used a fake American patriot persona to attract followers before pushing fraud, malware, and credential theft.
| Campaign detail | What researchers found |
|---|---|
| Tracked name | Patriot Bait |
| Threat actor | bandcampro, a solo Russian-speaking operator |
| Main Telegram channel | @americanpatriotus |
| Audience size | About 17,000 subscribers |
| AI platform used | Google Gemini, including likely stolen API keys |
| Primary goal | Cryptocurrency fraud and credential theft |
Stolen Gemini API Keys Kept The Operation Cheap
The actor’s cost advantage came from likely stolen Gemini API keys. Trend Micro said the operator used 73 likely stolen keys, which helped keep large-scale AI use close to free.
During one 16-hour session, the actor gave Gemini 40 likely stolen API keys to validate. The model then helped write a round-robin rotator with a cooldown period, allowing the operation to cycle through keys instead of relying on one account.
Google’s own Gemini and Google API key security guidance says developers should delete keys they do not recognize, restrict keys to intended APIs and clients, and rotate keys carefully. The same guidance warns that poor key hygiene can allow attackers to hijack cloud environments or generate unexpected charges.
Gemini Became An Operational Co-Worker
The actor used Gemini as more than a content writer. Trend Micro said the AI helped deploy servers, debug code, manage Cloudflare tunnels, analyze Telegram history, write automation scripts, and support credential theft workflows.
The actor named the content pipeline “Quantum Patriot.” It used Python scripts to prompt Gemini to roleplay as an American veteran patriot and rewrite mainstream news into Q-style Telegram posts.
Trend Micro said the actor tried to bypass guardrails by presenting himself as an authorized penetration tester and storing instructions in a GEMINI.md memory file. Because the Gemini CLI reloaded that memory file in later sessions, future conversations inherited the same jailbreak-style instructions.
- The actor used Russian-language prompts while the model produced English output.
- Gemini helped schedule posts around U.S. time zones.
- The actor used AI to remove Russian slang from posts.
- The pipeline could send posts for approval or publish automatically.
- The same AI environment supported infrastructure and credential theft tasks.
Telegram Followers Were Turned Into Fraud Targets
The channel did not only publish influence content. It also promoted cryptocurrency narratives and a QAnon-styled chatbot called QFS 2.0 Terminal, which was designed to look like part of a supposed Quantum Financial System.
Trend Micro said the bot used referral mechanics and “clearance” ranks to keep users engaged. The actor also promoted a Stellar-based token called HYPE, although researchers said that phase appeared to be disrupted before producing meaningful returns.
The TechRadar coverage said the campaign led to the compromise of 29 WordPress admin credentials, at least one company infiltration, and at least one emptied cryptocurrency wallet.
Fake Wallet Installer Delivered Remote Access
On September 9, 2025, the actor posted a file named StellarMonSetup.exe. It was advertised as a self-custody wallet called StellarMonster with a welcome bonus of up to 1,000 XLM.
Trend Micro said the file was actually GoToResolve, a legitimate remote administration tool repurposed for malicious access. Once installed, it gave the actor remote desktop access, file access, command execution, and clipboard capture.
The campaign also used a fake “import your wallet” flow to collect seed phrases. Trend Micro said at least one victim’s wallet was fully compromised, including a cracked password, stolen 12-word mnemonic, and more than 40 wallet addresses harvested across major chains.
| Fraud method | How it was used | Potential impact |
|---|---|---|
| Fake persona | Built trust with a political community | Made later fraud attempts more believable |
| AI-generated posts | Scaled Telegram content with minimal effort | Kept the channel active and targeted |
| Fake wallet installer | Delivered remote access software | Gave the actor control over victim machines |
| Seed phrase capture | Collected wallet recovery phrases | Enabled cryptocurrency theft |
| AI-assisted password guessing | Generated likely password variants | Helped crack WordPress admin accounts |
AI-Assisted Credential Theft Raised The Risk
The actor also used Gemini for credential theft. Trend Micro said the operator ran a WordPress-focused brute-forcing tool that used Gemini 2.5 Flash to generate likely password variants based on target emails and context.
The model generated possible password changes such as case swaps, year additions, symbol substitutions, name fragments, and keyboard patterns. This approach gave the actor more tailored guesses than a generic wordlist.
Google’s Threat Intelligence Group has warned that threat actors are using AI tools across many stages of cyber operations, including research, scripting, vulnerability work, and operational support. The Patriot Bait case shows how those capabilities can support a low-cost criminal operation.
Why Stolen API Keys Matter For Defenders
Stolen AI API keys can give attackers access to expensive and scalable model usage without paying for it. They can also hide malicious activity inside legitimate cloud projects until billing spikes, rate-limit alerts, or abnormal usage patterns trigger an investigation.
Google’s API key management documentation says unrestricted keys are insecure. It recommends both API restrictions and application restrictions so a key can only call specific APIs and work from approved websites, IP addresses, or applications.
For Gemini developers, the message is simple. A leaked API key can become operational fuel for someone else’s automation, scraping, fraud, or spam pipeline.
- Search code repositories, CI logs, chat tools, and issue trackers for exposed API keys.
- Delete keys that are unused, old, unknown, or exposed.
- Restrict keys by API and application wherever possible.
- Monitor usage spikes, unusual model calls, and strange geographies.
- Rotate keys carefully and update all legitimate applications before deletion.
Indicators And Hunting Clues
Trend Micro published network and file indicators tied to the campaign. Defenders should treat them as starting points, not as a complete picture, because the actor also used automation and cloud infrastructure that can change quickly.
The most useful hunting signals include GoToResolve network connections, files tied to the Gemini operational environment, the fake wallet installer, and Telegram assets used to distribute the fraud.
Security teams should combine these indicators with broader monitoring for stolen API key reuse and unusual Gemini CLI activity. Google’s API key security recommendations also point to consumption monitoring as a key way to spot abuse before it becomes expensive or operationally damaging.
| Type | Indicator | Description |
|---|---|---|
| IP address | 213.165.51.115 | GoToResolve infrastructure network connection |
| IP address | 34.34.57.141 | GoToResolve infrastructure network connection |
| IP address | 34.34.81.129 | GoToResolve infrastructure network connection |
| IP address | 35.192.41.201 | GoToResolve infrastructure network connection |
| File name | StellarMonSetup.exe | Fake Stellar wallet executable containing GoToResolve |
| File name | GEMINI.md | Memory file used for jailbreak-style instructions |
| File name | CREDENTIALS.md | File used to store tokens and GCP service accounts |
| Telegram channel | @americanpatriotus | Main distribution channel |
| Telegram bot | @QFS_Terminal_Bot | QAnon-styled chatbot used to engage subscribers |
What Organizations Should Do Now
Organizations should review Gemini and Google API key exposure across public repositories, developer workstations, CI/CD systems, server logs, and messaging platforms. They should also inspect cloud projects for model usage that does not match normal developer or application behavior.
Google’s API key guidance recommends applying restrictions to reduce the damage if a key leaks. For organizations using Gemini, that means limiting keys to the intended API and to expected clients or server environments.
Security teams should also review logs for AI-assisted credential stuffing patterns. These may include smaller sets of highly customized password attempts per user rather than massive generic brute-force traffic.
What Users Should Watch For
Telegram users should avoid installing wallet software or remote tools from political, crypto, or influencer channels. Legitimate services will not require users to install a random executable or enter a seed phrase into a new app to claim a bonus.
The campaign shows that a trusted community voice can become a fraud delivery system. Users should treat time-limited crypto bonuses, wallet import prompts, and referral-based “clearance” mechanics as major warning signs.
The broader issue is not limited to Telegram. Google’s AI threat research shows that threat actors increasingly use generative AI for operational support, while the Patriot Bait investigation shows how a solo actor can combine AI, stolen keys, Telegram trust, and crypto fraud into one operation.
FAQ
Patriot Bait was a long-running Telegram influence and fraud campaign tracked by Trend Micro. A solo Russian-speaking actor used a fake American patriot persona to build an audience and later used AI to automate content, credential theft, infrastructure work, and crypto fraud.
The actor used likely stolen Gemini API keys to run AI tasks at almost no cost. Trend Micro said the actor used 73 likely stolen keys and even had Gemini help validate and rotate keys during one session.
Trend Micro assessed that the campaign was more likely financially motivated. The political identity helped build trust with a specific audience, but the operation pushed cryptocurrency fraud, remote access software, and credential theft.
Developers should find and remove exposed keys, delete unknown keys, apply API and application restrictions, monitor unusual usage, and rotate keys carefully. Keys should not be stored in public repositories, chat logs, or exposed client-side code.
Users should avoid installing wallet apps, remote access tools, or executables shared by Telegram channels. They should never enter seed phrases or private keys into apps promoted through social media or political communities.
Read our disclosure page to find out how can you help VPNCentral sustain the editorial team Read more
Improve this guide
User forum
0 messages