OpenWebUI Servers - Extensive Cryptomining Campaign Uncovered

A significant cryptomining campaign has been uncovered, targeting OpenWebUI and ComfyUI servers. With nearly 12,000 servers at risk, immediate security measures are crucial.

Category: Malware & Ransomware. Severity: HIGH. 3 sources.

Original Reporting: SC Media

AI Summary by CyberPings AI, reviewed by Rohit Rana

🎯Hackers are using vulnerabilities in OpenWebUI and ComfyUI servers to secretly mine cryptocurrencies. This is a big problem because many of these servers are not protected well, making it easy for attackers to steal data and use the servers for their own gain.

What Happened

In a concerning development, OpenWebUI servers have been targeted by cybercriminals for extensive cryptocurrency mining activities. This attack campaign has been active since late 2024, exploiting a vulnerability known as CVE-2025-63391. Researchers from Cybernews have reported that misconfigured instances of these widely used open-source AI servers were compromised with malware designed for both cryptomining and stealing credentials.

The attackers utilized illicit Python scripts to inject cryptominers and infostealing payloads into the vulnerable servers. Initially, the infostealer was delivered through a malicious Java archive file, but attackers evolved their tactics, integrating data theft capabilities directly into the Python scripts. This evolution indicates a sophisticated approach to maximizing their gains from the compromised servers.

Additionally, a new report has emerged regarding a related campaign targeting ComfyUI instances, which are also exposed to similar vulnerabilities. This campaign employs a purpose-built Python scanner that continuously sweeps major cloud IP ranges for vulnerable targets, automatically installing malicious nodes via ComfyUI-Manager if no exploitable node is already present. The attackers exploit misconfigurations in unauthenticated instances, allowing remote code execution through custom nodes. Once compromised, these servers are enlisted to mine Monero and Conflux cryptocurrencies using XMRig and lolMiner, respectively. This highlights a broader trend of targeting misconfigured open-source applications for cryptomining and botnet activities.

Furthermore, compromised ComfyUI instances are being integrated into a Hysteria V2 botnet, managed via a Flask-based command-and-control dashboard. The malware actively disrupts competing mining operations and employs techniques such as disabling shell history and using "chattr +i" for persistence. This sophisticated approach underscores the growing trend of exploiting open-source AI tools for illicit activities.
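The persistence and anti-forensics tricks named above (files locked with "chattr +i", shell history disabled, XMRig and lolMiner processes) all leave host-level traces a defender can look for. The following is an added example, not code from the page or from any of the reporting it summarizes; it parses constructed samples of lsattr, ps and .bashrc content rather than reading a live host, so the paths, PIDs and pool names are invented.

```python
import re
from typing import Dict, List
# Constructed `lsattr -R` style output (not from a real host). The lowercase
# "i" in the attribute column is the immutable flag that `chattr +i` sets.
SAMPLE_LSATTR = """\
--------------e------- /opt/comfyui/main.py
----i---------e------- /opt/comfyui/custom_nodes/loader.py
--------------e------- /home/svc/.bashrc
----i---------e------- /home/svc/.config/systemd/user/miner.service
"""

# Constructed `ps -eo pid,user,args` output.
SAMPLE_PS = """\
  PID USER     COMMAND
 1021 svc      python3 /opt/comfyui/main.py --listen
 2233 svc      /tmp/.x/xmrig -o pool.invalid:3333 --donate-level 0
 2240 svc      lolMiner --algo OCTOPUS --pool pool.invalid:8888
"""

# Constructed lines as they might appear in a tampered ~/.bashrc.
SAMPLE_BASHRC = "export PATH=$HOME/bin:$PATH\nunset HISTFILE\nexport HISTSIZE=0\n"

MINER_NAMES = ("xmrig", "lolminer")
HISTORY_TAMPER = re.compile(
    r"^\s*(unset\s+HISTFILE|(export\s+)?HISTSIZE=0|(export\s+)?HISTFILE=/dev/null"
    r"|set\s+\+o\s+history)\b"
)

def immutable_files(lsattr_output: str) -> List[str]:
    """Paths whose attribute string carries the immutable ('i') flag."""
    hits = []
    for line in lsattr_output.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and "i" in parts[0]:
            hits.append(parts[1])
    return hits

def miner_processes(ps_output: str) -> List[Dict[str, str]]:
    """Processes whose command line names one of the miners seen in the campaign."""
    hits = []
    for line in ps_output.splitlines()[1:]:  # skip the header row
        fields = line.split(None, 2)
        if len(fields) == 3 and any(m in fields[2].lower() for m in MINER_NAMES):
            hits.append({"pid": fields[0], "user": fields[1], "cmd": fields[2]})
    return hits

def history_tampering(rc_text: str) -> List[str]:
    """Shell rc lines that disable or discard command history."""
    return [l.strip() for l in rc_text.splitlines() if HISTORY_TAMPER.match(l)]
```

An immutable file under an application's custom_nodes directory or in a user's systemd directory is rarely legitimate and is worth a manual look even when no miner process is currently running.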

Who's Affected

The impact of this attack is significant, as nearly all of the 12,000 online OpenWebUI servers are susceptible to the identified vulnerability. The majority of these affected servers are located in the U.S., China, and Germany. Alarmingly, almost 50% of these servers lack proper authentication, making them easy targets for attackers. In addition, over 1,000 exposed ComfyUI instances have also been identified as targets in this cryptomining botnet campaign. The existence of these vulnerable instances indicates that the problem is not isolated to OpenWebUI but extends to other platforms, amplifying the urgency for organizations to secure their systems.

What Data Was Exposed

While the primary focus of the attackers appears to be on cryptomining, the integration of infostealer capabilities raises concerns about the types of data that may have been exposed. With the malware in place, sensitive information could be at risk, including user credentials and other personal data.

The lack of authentication on many servers exacerbates the issue, as unauthorized access becomes easier for threat actors. The ComfyUI campaign also reveals that attackers can exploit custom nodes that accept raw Python code, which could lead to further data breaches if not addressed. This situation highlights the critical need for organizations to secure their systems against such vulnerabilities to prevent unauthorized data access and theft.

What You Should Do

To mitigate the risks associated with this attack, immediate action is required. Organizations should take the following steps:

Detection

1. Activate authentication features on OpenWebUI and ComfyUI servers to restrict unauthorized access.
2. Implement admin approvals for new signups to ensure only legitimate users can access the system.
3. Establish IP whitelisting to limit access to trusted sources only.

Removal

4. Monitor for unauthorized uploads and unpermitted models to detect any suspicious activity.
5. Regularly scan for exposed services like ComfyUI and address any misconfigurations that could lead to remote code execution.

By following these recommendations, organizations can significantly enhance their security posture and protect their OpenWebUI and ComfyUI instances from future attacks. Awareness and proactive measures are essential in combating the evolving threat landscape.
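Steps 1, 2 and 5 above map to concrete deployment settings. The following is an added example, not code from the page or from either project: it checks an Open WebUI .env for the authentication and signup-approval settings (WEBUI_AUTH, ENABLE_SIGNUP and DEFAULT_USER_ROLE are Open WebUI's real environment variables) and checks a ComfyUI launch command for its real --listen flag, which without an address binds to every interface. It assumes the settings are supplied exactly that way; the .env contents and command lines are constructed.

```python
import shlex
from typing import Dict, List
# Open WebUI settings behind steps 1 and 2. The variable names are Open WebUI's
# real environment variables; the .env contents below are constructed.
EXPECTED = {
    "WEBUI_AUTH": "true",            # step 1: require login
    "ENABLE_SIGNUP": "false",        # step 2: no open self-registration
    "DEFAULT_USER_ROLE": "pending",  # step 2: new accounts wait for admin approval
}
WEAK_ENV = "WEBUI_AUTH=False\nENABLE_SIGNUP=True\nDEFAULT_USER_ROLE=user\n"
HARDENED_ENV = "WEBUI_AUTH=True\nENABLE_SIGNUP=False\nDEFAULT_USER_ROLE=pending\n"

# Constructed ComfyUI launch lines. `--listen` is ComfyUI's real flag; given
# without an address it binds to all interfaces instead of loopback.
EXPOSED_CMD = "python3 main.py --listen --port 8188"
LOCAL_CMD = "python3 main.py --listen 127.0.0.1 --port 8188"
LOOPBACK = {"127.0.0.1", "::1", "localhost"}
def parse_env(text: str) -> Dict[str, str]:
    """Minimal KEY=VALUE parser for .env files; comments and blank lines are skipped."""
    env: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        env[key.strip()] = value.strip().strip('"').strip("'")
    return env

def audit_openwebui(env: Dict[str, str]) -> List[str]:
    """One finding per setting that is missing or weaker than EXPECTED."""
    findings = []
    for key, want in EXPECTED.items():
        got = env.get(key)
        if got is None:
            findings.append(f"{key} not set explicitly; verify the deployment default")
        elif got.lower() != want:
            findings.append(f"{key}={got} (expected {want})")
    return findings

def comfyui_exposed(cmdline: str) -> bool:
    """True when the launch command makes ComfyUI reachable beyond loopback."""
    argv = shlex.split(cmdline)
    if "--listen" not in argv:
        return False  # ComfyUI defaults to 127.0.0.1
    i = argv.index("--listen")
    nxt = argv[i + 1] if i + 1 < len(argv) else ""
    if not nxt or nxt.startswith("-"):
        return True  # bare --listen: all interfaces
    return any(a.strip() not in LOOPBACK for a in nxt.split(","))
```

ComfyUI has no built-in login, so an exposed bind address should only ever sit behind an authenticating reverse proxy or the IP allowlist from step 3.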

🔒 Pro Insight

The integration of ComfyUI instances into the attack highlights a worrying trend of exploiting open-source AI tools. Organizations need to prioritize securing these platforms to prevent further exploitation.

📅 Story Timeline

- Story broke by SC Media
- Covered by The Hacker News
- Covered by SC Media
