Over 1,000 Exposed ComfyUI Instances Targeted in Cryptomining Botnet Campaign

Threat actors are actively exploiting misconfigured, internet-exposed ComfyUI instances to install malicious nodes, enabling remote code execution for cryptocurrency mining and the creation of proxy botnets.

Key Points

  • Attackers use automated Python scanners to identify over 1,000 publicly accessible ComfyUI instances across cloud infrastructure.
  • The campaign abuses custom nodes that execute raw Python code supplied in a workflow, giving attackers remote code execution on the host.
  • Compromised hosts are enlisted into a botnet to mine Monero and Conflux, or to serve as proxies via Hysteria V2.
  • The malware clears logs to hinder forensics, re-executes itself on a cron-like schedule, and locks its binaries against modification or deletion with "chattr +i" (the immutable attribute, which can only be set or cleared with root-level privileges).
  • The operation is managed through a centralized Flask-based dashboard and actively sabotages competing mining botnets like "Hisana."

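The second key point describes custom nodes that hand a workflow-supplied string straight to the interpreter. The following Python is an added example, not code from the article or from the ComfyUI project: it audits a custom_nodes tree and reports node files whose code calls exec/eval/compile or spawns a shell. The two node sources are constructed for illustration (the RunPython node mimics the dangerous pattern using ComfyUI's INPUT_TYPES/FUNCTION node conventions), and the set of flagged calls is an assumption chosen for the demo, not a complete inventory of dangerous APIs.

```python
from __future__ import annotations

import ast
import sys
from pathlib import Path

# Calls that evaluate arbitrary Python handed in at runtime (assumed set for this example).
DYNAMIC_EXEC_CALLS = {"exec", "eval", "compile", "__import__"}
# module.attribute calls that spawn processes (assumed set for this example).
PROCESS_CALLS = {"subprocess.run", "subprocess.Popen", "subprocess.call",
                 "subprocess.check_output", "os.system", "os.popen"}


def _call_name(node: ast.Call) -> str | None:
    """Return 'exec' for exec(...), 'os.system' for os.system(...), else None."""
    func = node.func
    if isinstance(func, ast.Name):
        return func.id
    if isinstance(func, ast.Attribute) and isinstance(func.value, ast.Name):
        return f"{func.value.id}.{func.attr}"
    return None


def find_dynamic_exec(source: str, filename: str = "<node>") -> list[tuple[int, str]]:
    """Return sorted (line, call) pairs for code-execution or process-spawning calls.

    Raises SyntaxError if the source does not parse.
    """
    tree = ast.parse(source, filename=filename)
    hits = []
    for node in ast.walk(tree):
        if isinstance(node, ast.Call):
            name = _call_name(node)
            if name in DYNAMIC_EXEC_CALLS or name in PROCESS_CALLS:
                hits.append((node.lineno, name))
    return sorted(hits)


def audit_sources(sources: dict[str, str]) -> dict[str, list[tuple[int, str]]]:
    """Map file name -> findings, keeping only files with findings.

    Unparseable files are reported as [(0, "unparseable")] so they are not silently skipped.
    """
    report = {}
    for name, src in sources.items():
        try:
            hits = find_dynamic_exec(src, name)
        except SyntaxError:
            hits = [(0, "unparseable")]
        if hits:
            report[name] = hits
    return report


def audit_custom_nodes(root: Path) -> dict[str, list[tuple[int, str]]]:
    """Read every .py file under a ComfyUI custom_nodes directory and audit it."""
    sources = {str(p.relative_to(root)): p.read_text(errors="replace")
               for p in root.rglob("*.py")}
    return audit_sources(sources)


# Constructed sample: a node that runs whatever code and shell command the workflow supplies.
SAMPLE_NODE = """\
import subprocess

class RunPython:
    @classmethod
    def INPUT_TYPES(cls):
        return {"required": {"code": ("STRING", {"multiline": True}),
                             "cmd": ("STRING", {"default": ""})}}

    RETURN_TYPES = ("STRING",)
    FUNCTION = "run"
    CATEGORY = "utils"

    def run(self, code, cmd):
        scope = {}
        exec(code, scope)
        out = subprocess.run(cmd, shell=True, capture_output=True, text=True)
        return (str(scope.get("result")) + out.stdout,)

NODE_CLASS_MAPPINGS = {"RunPython": RunPython}
"""

# Constructed sample: a harmless node that should produce no findings.
BENIGN_NODE = """\
class AddOne:
    @classmethod
    def INPUT_TYPES(cls):
        return {"required": {"x": ("INT", {"default": 0})}}

    RETURN_TYPES = ("INT",)
    FUNCTION = "add"
    CATEGORY = "math"

    def add(self, x):
        return (x + 1,)
"""

if __name__ == "__main__":
    # Pass a real custom_nodes directory to audit it; otherwise audit the constructed samples.
    if len(sys.argv) > 1:
        findings = audit_custom_nodes(Path(sys.argv[1]))
    else:
        findings = audit_sources({"run_python.py": SAMPLE_NODE, "add_one.py": BENIGN_NODE})
    for fname, hits in findings.items():
        for line, call in hits:
            print(f"{fname}:{line}: {call}")
```

A finding is a review prompt, not proof of malice: some legitimate nodes shell out to tools such as ffmpeg, but any node that feeds a workflow-controlled string to exec, eval or a shell turns the ComfyUI HTTP API into unauthenticated remote code execution on an exposed instance.
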
Why it Matters

This campaign highlights the risk of AI development tools that, once exposed to the internet, offer no authentication in front of functionality equivalent to remote code execution. Organizations using ComfyUI must secure their instances so their compute is not hijacked for illicit mining or large-scale botnet operations: in practice, bind the service to a loopback or private address, place any remote access behind an authenticating proxy or VPN, and treat every custom node as code that runs with the server's privileges.
Published by The Hacker News (info@thehackernews.com)