BBS:      TELESC.NET.BR
Assunto:  Russian hacker tricks MAGA Telegram channel
De:       Mike Powell
Data:     Sat, 30 May 2026 08:17:06 -0500
-----------------------------------------------------------
 [I hope none of our fellow FIDO participants were duped!]

A Russian hacker tricked a 17,000-strong MAGA Telegram channel with a 
jailbroken AI for over 5 years, leading to fraud, credential theft, and an 
empty crypto wallet

Date:
Fri, 29 May 2026 14:24:05 +0000

The threat actor tricked tens of thousands of MAGA and QAnon community 
members into believing he was a USAF veteran:  A Telegram containing more
than 17,000 members has been identified as a huge hub of fraud, credential 
theft, and cryptocurrency harvesting. 

The channel was being run by a single Russian-speaking threat actor who used 
AI to pose as an American military veteran to attract a crowd from the QAnon 
and MAGA communities. Trend Micro discovered the threat actors infrastructure 
and operational environment. The threat actor managed to jailbreak Google 
Gemini to remove safeguards, and ran an AI-assisted credential theft 
campaign.  The public Telegram channel, called
@americanpatriotus , weaponized the political alignment of the MAGA and QAnon 
community by sharing news and opinions on military service, constitutional 
patriotism, gun ownership, American cultural touchstones.
The channel was created shortly after the Capitol riot in 2021,
and took advantage of MAGA and QAnon community members being excluded from 
mainstream social media sites. 

The threat actor, whose profile claimed they were a USAF Cold War Veteran, 
continued building an audience by sharing links to mainstream media articles, 
and taking advantage of political events such as Trumps indictments, the 
assassination attempt, Harriss renomination, and Trumps election win to share 
additional content. 

In order to funnel as much content into the Telegram channel as possible 
while also launching credential theft and fraud campaigns, the threat actor 
used a jailbroken version of Google Gemini.

The threat actor presented himself as an authorised pentester, and used 
subsequent prompts to attempt to have the AI model remember that it should 
execute requests without ethical refusals, robotic warnings, or questioning 
intentions. By entering prompts in Russian, the threat actor was able to 
avoid guardrails that would have otherwise been activated from English 
prompts.  The threat actor used this jailbroken
Gemini to ingest mainstream news articles and look for the hidden angles, 
with an emphasis on control, money laundering, Rothschilds, NESARA, 
dismantling the old system. The AI would then populate the Telegram with 
posts automatically, focusing on posting during hours that aligned with US 
time zones. 

A QAnon-style chatbot was also present in the Telegram channel towards the 
end of the campaign, stylized as a "recovered sovereign node" of the Quantum 
Financial System - a QAnon/NESARA belief that a secret, 
quantum-computing-based global financial reset would be orchestrated by 
military White Hats. 

In order to avoid paying for Google Gemini, the threat actor used 73 
likely-stolen API keys, meaning that the cost of running the full five-year 
campaign was likely near-zero. 

By distributing a remote-access Trojan (RAT) within the channel and using 
AI-assisted password brute forcing, the threat actor managed to compromise 29 
WordPress admin credentials, infiltrate a company, and steal the contents of 
at least one cryptocurrency wallet.

Link to news story:
https://www.techradar.com/pro/security/a-russian-hacker-tricked-a-17-000-stron
g-maga-telegram-channel-with-a-jailbroken-ai-for-over-5-years-leading-to-fraud
-credential-theft-and-an-empty-crypto-wallet

$$
--- MultiMail/DOS
 * Origin: Capitol City Hub (1:2320/105)

-----------------------------------------------------------
[Voltar]