Cyberattack Compromises 1,000+ ComfyUI Instances in Cryptocurrency Mining Botnet Scheme

A recent cybersecurity investigation has uncovered a widespread campaign targeting over 1,000 publicly accessible ComfyUI instances. ComfyUI, a widely used node-based Stable Diffusion interface, has become the focal point for attackers aiming to fold these instances into a botnet used for cryptocurrency mining and proxy services.

Attack Methodology

The attackers employ a specialized Python-based scanner that systematically probes extensive cloud IP ranges to identify vulnerable ComfyUI instances. Upon detection, the scanner exploits a misconfiguration within ComfyUI that permits remote code execution on deployments lacking proper authentication. The weakness stems from certain custom nodes that accept raw Python code as input and execute it; on a deployment with no authentication in front of ComfyUI, anyone who can reach the web interface can trigger them.

Exploitation Process

Once a susceptible ComfyUI instance is identified, the scanner assesses the presence of specific custom node families known to facilitate arbitrary code execution. Notable among these are:

– Vova75Rus/ComfyUI-Shell-Executor
– filliptm/ComfyUI_Fill-Nodes
– seanlynch/srl-nodes
– ruiqutech/ComfyUI-RuiquNodes

If none of these nodes is present, the scanner checks whether ComfyUI-Manager is installed and, if so, uses it to install a vulnerable node package to enable exploitation. Notably, ComfyUI-Shell-Executor is a malicious package crafted by the attackers to retrieve a secondary shell script (ghost.sh) from a designated IP address. Upon successful code execution, the scanner erases evidence of the exploit by clearing the ComfyUI prompt history.
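A defender-side audit for an instance you operate, covering the two conditions the preceding sections describe (reachable without authentication, and loaded custom nodes from the code-executing families listed above). This is an added example and not code from the article or from Censys; it assumes the ComfyUI web server's /system_stats, /object_info and /history endpoints and that each /object_info entry carries a python_module field naming its custom node package (e.g. custom_nodes.ComfyUI-Shell-Executor).

```python
"""Audit a ComfyUI instance you own for unauthenticated exposure and for
custom nodes from the packages named in the article. Added example, not
the article's or Censys's code. Assumption: /object_info entries carry a
'python_module' field such as 'custom_nodes.<package>'."""
import json
import sys
import urllib.error
import urllib.request

# Custom node families the article names as executing attacker-supplied code.
RISKY_NODE_PACKAGES = (
    "ComfyUI-Shell-Executor",
    "ComfyUI_Fill-Nodes",
    "srl-nodes",
    "ComfyUI-RuiquNodes",
)


def fetch_json(url, timeout=5):
    """GET url with no credentials; return (HTTP status, parsed JSON or None)."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, json.loads(resp.read().decode())
    except urllib.error.HTTPError as exc:
        return exc.code, None


def risky_nodes(object_info):
    """Return {node_class: package} for loaded nodes from the risky packages.

    object_info is the dict returned by /object_info; the 'python_module'
    value of a custom node is assumed to look like 'custom_nodes.<package>...'.
    """
    found = {}
    for node_class, info in object_info.items():
        module = info.get("python_module", "")
        if not module.startswith("custom_nodes."):
            continue  # built-in node, not from custom_nodes/
        package = module.split(".", 1)[1]
        for risky in RISKY_NODE_PACKAGES:
            if package.startswith(risky):
                found[node_class] = risky
    return found


def assess(base_url):
    """Combine the checks into one findings dict for a single instance."""
    findings = {"unauthenticated": False, "risky_nodes": {}, "history_items": 0}
    status, _ = fetch_json(f"{base_url}/system_stats")
    # A 200 with no credentials means nothing is gating the web interface.
    findings["unauthenticated"] = status == 200
    if status != 200:
        return findings
    _, info = fetch_json(f"{base_url}/object_info")
    findings["risky_nodes"] = risky_nodes(info or {})
    # The scanner clears prompt history after exploitation; an empty history on
    # a long-running public instance is therefore worth noting, not reassuring.
    _, history = fetch_json(f"{base_url}/history")
    findings["history_items"] = len(history or {})
    return findings


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "http://127.0.0.1:8188"
    print(json.dumps(assess(target), indent=2))
```

Run it against the instance's base URL from a host outside the deployment network: an `unauthenticated: true` result on a public address is the condition the campaign depends on, and any entry under `risky_nodes` means the instance can execute supplied code the moment it is reached.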

Persistence Mechanisms

To maintain control over the compromised systems, the attackers have implemented several persistence strategies:

– Regular Updates: The shell script is re-downloaded every six hours, keeping the infection current.
– Startup Execution: The exploit workflow is re-executed each time ComfyUI is started.
– Process Concealment: An LD_PRELOAD hook hides a watchdog process that automatically restarts the miner if it is terminated.
– Redundancy: The miner program is duplicated across multiple directories, allowing it to be relaunched from an alternative location if the primary copy is removed.
– File Protection: The chattr +i command is used to lock miner binaries, preventing deletion, modification, or renaming, even by root, until the immutable attribute is cleared.
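A host-side hunt for the persistence traits listed above (LD_PRELOAD hooks, chattr +i locked files, and duplicated miner copies). This is an added example, not code from the article or from Censys; the parsers take raw text so they can be run over artifacts collected from a suspect host, while scan_host() reads the live system. The directory roots and the sample strings in the test are constructed.

```python
"""Hunt for the persistence mechanisms the article describes. Added
example, not the article's or Censys's code. Directory roots below are
constructed defaults; adjust them to where ComfyUI and its caches live."""
import hashlib
import os
import pathlib
import string
import subprocess
from collections import defaultdict

ATTR_CHARS = set("-" + string.ascii_letters)  # lsattr attribute field alphabet


def preload_hooks(preload_text):
    """Libraries listed in /etc/ld.so.preload, ignoring blanks and comments.
    Most hosts have no entries at all, so any entry deserves a look."""
    return [ln.strip() for ln in preload_text.splitlines()
            if ln.strip() and not ln.lstrip().startswith("#")]


def env_preload(environ_bytes):
    """LD_PRELOAD value from a /proc/<pid>/environ blob (NUL-separated), or None."""
    for entry in environ_bytes.split(b"\x00"):
        if entry.startswith(b"LD_PRELOAD="):
            return entry.split(b"=", 1)[1].decode(errors="replace")
    return None


def immutable_files(lsattr_output):
    """Paths carrying the 'i' (immutable) flag in `lsattr -R` output.
    Records are '<attrs> <path>'; directory headers ('/dir:') and blanks are skipped."""
    found = []
    for line in lsattr_output.splitlines():
        parts = line.split(None, 1)
        if len(parts) != 2 or not set(parts[0]) <= ATTR_CHARS:
            continue
        if "i" in parts[0]:
            found.append(parts[1])
    return found


def duplicate_groups(digests):
    """Group paths sharing a SHA-256: {digest: [paths]} for digests seen more than once."""
    groups = defaultdict(list)
    for path, digest in digests.items():
        groups[digest].append(path)
    return {d: sorted(p) for d, p in groups.items() if len(p) > 1}


def digest_files(paths):
    """SHA-256 each readable regular file; unreadable files are skipped."""
    out = {}
    for p in paths:
        try:
            out[p] = hashlib.sha256(pathlib.Path(p).read_bytes()).hexdigest()
        except OSError:
            continue
    return out


def scan_host(roots=("/tmp", "/var/tmp", "/dev/shm")):
    """Run all checks on the live system and return a findings dict."""
    findings = {"ld_so_preload": [], "process_preload": {}, "immutable": [], "duplicates": {}}
    try:
        findings["ld_so_preload"] = preload_hooks(pathlib.Path("/etc/ld.so.preload").read_text())
    except OSError:
        pass  # file absent: the normal, clean state
    for pid in filter(str.isdigit, os.listdir("/proc")):
        try:
            hook = env_preload(pathlib.Path(f"/proc/{pid}/environ").read_bytes())
        except OSError:
            continue  # process exited or not ours to read
        if hook:
            findings["process_preload"][int(pid)] = hook
    try:
        out = subprocess.run(["lsattr", "-R", *roots], capture_output=True, text=True).stdout
        findings["immutable"] = immutable_files(out)
    except OSError:
        pass  # lsattr not installed
    executables = [str(p) for root in roots for p in pathlib.Path(root).rglob("*")
                   if p.is_file() and os.access(p, os.X_OK)]
    findings["duplicates"] = duplicate_groups(digest_files(executables))
    return findings


if __name__ == "__main__":
    import json
    print(json.dumps(scan_host(), indent=2))
```

Each check maps to one trait from the list: a populated ld.so.preload or an LD_PRELOAD in a running process's environment is how the watchdog is hidden, an immutable flag on a binary in a scratch directory is what blocks removal, and two or more executables with the same digest are the redundant miner copies. Clearing the flag (chattr -i) has to happen before the locked files can be deleted.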

Command-and-Control Infrastructure

The compromised hosts are managed through a Flask-based command-and-control (C2) dashboard, enabling the attackers to issue commands and deploy additional payloads. This includes installing Hysteria V2, likely to repurpose the compromised nodes as proxies for further malicious activities.

Discovery and Analysis

The campaign was identified by Censys security researchers, who discovered an open directory on the IP address 77.110.96[.]200, linked to the bulletproof hosting provider Aeza Group. This directory contained a suite of tools designed to facilitate the attacks, including reconnaissance scripts to locate exposed ComfyUI instances and exploitation frameworks to leverage the identified vulnerabilities.

Broader Implications

This incident underscores a growing trend of attackers targeting internet-exposed services to build botnets for financial gain. Similar campaigns have been observed exploiting vulnerabilities in other platforms:

– n8n Workflow Automation Platform: A critical remote code execution vulnerability (CVE-2025-68613) was actively exploited, with over 24,700 instances remaining exposed.
– Ollama AI Servers: Researchers found 175,000 publicly exposed Ollama AI servers across 130 countries, highlighting the risks associated with unmanaged AI compute infrastructure.
– Industrial Control Systems (ICS): Over 145,000 ICS across 175 countries were found exposed online, posing significant risks to critical infrastructure.
– DrayTek Routers: More than 700,000 DrayTek routers were exposed to attack due to 14 newly discovered vulnerabilities.
– Redis Servers: Over 39,000 unauthenticated Redis instances were found exposed on the internet, making them susceptible to unauthorized access and exploitation.

Recommendations

To mitigate such threats, organizations are advised to:

– Implement Authentication: Ensure that all internet-facing services require robust authentication mechanisms.
– Regularly Update Software: Keep all software and platforms updated to the latest versions to patch known vulnerabilities.
– Monitor Network Activity: Continuously monitor network traffic for unusual activities that may indicate a compromise.
– Restrict Access: Limit exposure by configuring services to run only on internal networks or behind firewalls.
– Conduct Security Audits: Regularly perform security assessments to identify and remediate potential vulnerabilities.

By adopting these practices, organizations can enhance their security posture and reduce the risk of falling victim to similar botnet campaigns.