A solo Russian-speaking threat actor tracked as 'bandcampro' operated a five-year MAGA-themed Telegram channel with approximately 17,000 subscribers, initially forwarding cryptocurrency scam content before pivoting to AI-automated operations in September 2025. The actor utilized jailbroken Google Gemini to generate QAnon-styled posts, deploy infrastructure, manage stolen API keys, and run credential theft operations targeting politically engaged American audiences. The campaign weaponized cultural alignment with QAnon and MAGA communities to facilitate cryptocurrency fraud rather than political influence. Through AI assistance, the actor cracked 29 WordPress admin credentials, infiltrated at least one company, deployed remote access trojans disguised as cryptocurrency wallets, and operated a gamified chatbot called 'QFS 2.0 Terminal'. The operation demonstrates how frontier AI systems enable scalable, low-cost cybercriminal activities by allowing a single actor to perform tasks traditionally requiring enti...