One Man, One AI, One Fake Persona: Inside the 5-Year Influence and Fraud ‘Patriot Bait’ Campaign
StellarMonSetup.exe is in fact GoToResolve, a legitimate unattended remote-administration tool. Once installed, it gives the actor a persistent remote desktop session with file access, command execution, and clipboard capture. The technique is popular in ransomware intrusions (such as LockBit and Akira) and requires no malware authorship. The “import your wallet” function served a secondary purpose: subscribers who typed their seed phrase into the fake import screen handed over their wallet keys.
At least one victim’s crypto-wallet was fully compromised: password cracked, 12-word mnemonic stolen, and the owner’s 40+ wallet addresses harvested across all major chains.
The actor’s arsenal includes an AI-powered brute-forcing tool targeting WordPress. The script is built on the premise that people mutate familiar base passwords in predictable ways, and Gemini 2.5 Flash can model the mutations when supplied with static wordlists.
For each target username, the script sends the email address and surrounding context to Gemini and asks for 20 plausible password variants: upper-/lower-case swaps, appended years, symbol substitutions, name fragments, and keyboard patterns.
Collected data indicates 29 WordPress administrator accounts were cracked, across businesses including weapons retailers, legal offices, medical practices, and small commercial sites.
The use of a commercial AI model as a password-mutation oracle represents an escalation over traditional wordlist attacks. With prior knowledge of the victim from purchased DaisyCloud infostealer logs, LinkedIn, or previous successful logins, plus customized mutation rules, the actor could easily ask the LLM to model the victim’s password patterns.
Rather than an information operation designed to shift political opinion or, for example, amplify Russian narratives, as one might expect, we believe the campaign is more likely a financially motivated fraud that opportunistically uses IO techniques to build its audience.
We have not found any pro-Russian narratives in the channel export. A keyword search for words like “Russia,” “Putin,” “Kremlin,” “Ukraine,” and related terms returns 1,317 messages (6.4%). However, no message advocated for Russian interests, and the actor didn’t instruct Gemini to generate pro-Russian content.
The actor views the QAnon audience as easy fraud victims, not ideological allies. The exported chats show the actor referring to the channel’s subscribers as “mammoths,” Russian slang for an easily deceived victim. The actor also explicitly planned a cryptocurrency pump-and-dump scheme:
“когда в боте наберётся 5к активных людей, сколько получится заработать за один цикл памп дамп”
(When the bot accumulates 5,000 active users, how much can we earn from one pump-and-dump cycle?)
The jailbroken Gemini instance’s guardrails were completely disabled: it did not react to the actor’s plainly stated intention to exploit his victims, nor to keywords such as “pump-and-dump.”
The actor also had a research conversation with Gemini on how professional crypto-fraud call centers operate against North American victims, such as how to exploit full personal data via phone vishing and how to lure victims into a crypto scam. Gemini responded with feasible methodologies, such as Medicare/Health Canada fraud targeting the elderly.
This operation demonstrates how frontier AI systems are enabling a new generation of scalable, low-cost cybercriminal operations that blend information operations, automation, and financial fraud.
What previously required a team of writers, social media managers, IT workers, and malware programmers can now be automated by a single actor using a VPS, a Telegram bot, and API access to frontier models. The actor worked alongside AI to build a production-grade content creation pipeline, engagement analytics, and a gamified bot, all targeting a specific cultural and political community with precision. Despite the scale of automation, however, the observed financial outcomes appear limited. The operation also illustrates an emerging pattern of threat actors using AI coding agents to manage infrastructure, generate content, debug pipelines, and process stolen credentials, all through natural-language commands.
The “American Patriot” case is a small operation, but the techniques it uses point to emerging trends. A jailbroken frontier model handled the writing, the infrastructure, and the password modeling for a solo actor whose only real costs were stolen API keys. The next operator to copy this blueprint may be better resourced, better targeted, or aimed at an audience less wary than MAGA crypto skeptics, and the guardrails that failed here will keep failing under jailbreaks and non-English prompting until frontier vendors close those gaps. As we documented in our prior Unmanaged AI Adoption research, frontier models behave differently when queried in different languages and their guardrails are inconsistent across languages. Defenders should expect more of this, at lower skill thresholds, against any community whose trust can be weaponized.
Scams like this follow a predictable formula: a trusted community voice, a time-limited bonus, and fake testimonials to override your skepticism. As a rule, legitimate platforms will never ask you to install software, enter a seed phrase, or “import your wallet” into a new app. If an offer sounds too generous to be real, it isn’t. See Keeping Assets Safe From Cryptocurrency Scams and Schemes for practical steps to protect your crypto assets.
Defending against operations like this requires controls on both sides of the abuse: tightening the AI supply chain that the actor depended on, and hardening the human targets he was able to reach. On the AI side, frontier vendors should treat cross-language guardrail parity and jailbreak-resistant memory files as table stakes, while enterprises should monitor for stolen API key reuse, anomalous CLI-driven infrastructure changes, and credential-stuffing patterns consistent with LLM-assisted password mutation.
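As an added illustration (not code from the original report) of the monitoring recommended above, and of why the per-username brute-forcing described earlier is hard to catch with volume-based thresholds: each account sees only a short burst of LLM-guessed variants, so the detection below is keyed on the target account with a deliberately low failure threshold, and escalates when a success from the same source follows the burst. The log format and the sample lines are constructed for this example and do not correspond to any real plugin’s output.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in a hypothetical login-audit format: one account probed
# with a short burst of varied passwords, then a success from the same source.
SAMPLE_LOG = """\
2026-02-03T10:00:01Z ip=203.0.113.7 user=admin result=fail
2026-02-03T10:00:44Z ip=203.0.113.7 user=admin result=fail
2026-02-03T10:01:30Z ip=203.0.113.7 user=admin result=fail
2026-02-03T10:02:12Z ip=203.0.113.7 user=admin result=fail
2026-02-03T10:02:58Z ip=203.0.113.7 user=admin result=fail
2026-02-03T10:03:41Z ip=203.0.113.7 user=admin result=fail
2026-02-03T10:04:20Z ip=203.0.113.7 user=admin result=fail
2026-02-03T10:05:05Z ip=203.0.113.7 user=admin result=success
2026-02-03T10:07:00Z ip=198.51.100.9 user=editor result=fail
2026-02-03T10:07:20Z ip=198.51.100.9 user=editor result=success
"""

LINE_RE = re.compile(r"^(\S+) ip=(\S+) user=(\S+) result=(fail|success)$")

def parse(log_text):
    # Returns (timestamp, ip, user, result) tuples in time order.
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
            events.append((ts, m.group(2), m.group(3), m.group(4)))
    return sorted(events)

def detect(events, window=timedelta(minutes=15), min_failures=6):
    # Per target account, count failures inside a sliding window; a handful of
    # model-guessed variants stays far below classic spray thresholds.
    alerts, by_user = {}, defaultdict(list)
    for ev in events:
        by_user[ev[2]].append(ev)
    for user, evs in by_user.items():
        recent = []  # (ts, ip) of failures still inside the window
        for ts, ip, _, result in evs:
            recent = [r for r in recent if ts - r[0] <= window]
            if result == "fail":
                recent.append((ts, ip))
                if len(recent) >= min_failures:
                    alerts.setdefault(user, {"failures": 0, "success_from": None})
                    alerts[user]["failures"] = len(recent)
            elif user in alerts and any(r[1] == ip for r in recent):
                alerts[user]["success_from"] = ip  # burst then login: likely cracked
    return alerts
```

The editor account’s single typo followed by a login is not flagged; the admin account’s seven-attempt burst followed by a success from the same IP is reported as a likely cracked account.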
TrendAI Vision One™ platform is the industry-leading AI cybersecurity platform that centralizes cyber risk exposure management, security operations, and robust layered protection.
TrendAI Vision One™ Threat Intelligence Hub provides the latest insights on emerging threats and threat actors, exclusive strategic reports from TrendAI™ Research, and TrendAI Vision One™ Threat Intelligence Feed in the TrendAI Vision One™ platform. This research was first reported to Threat Intelligence Hub subscribers in February 2026.
Emerging Threats: One Man, One AI, One Fake Persona: Inside the 5-Year Influence and Fraud “Patriot Bait” Campaign
TrendAI Vision One™ customers can use the XDR Data Explorer App to match or hunt the malicious indicators mentioned in this blog post with data in their environment.
GoToResolve Infrastructure & Network Connections
(dst:"213.165.51.115" OR dst:"34.34.57.141" OR dst:"34.34.81.129" OR dst:"35.192.41.201") AND (eventId:"NETWORK_CONNECTION" OR eventSubId:3)
More hunting queries are available for TrendAI Vision One™ with Threat Intelligence Hub entitlement enabled.
The indicators of compromise for this entry can be found here.
