ONE Sentinel

Over 1,000 Exposed ComfyUI Instances Targeted in Cryptomining Botnet Campaign

Source: The Hacker News
April 7, 2026

EXECUTIVE SUMMARY

Cryptomining Botnet Targets Over 1,000 ComfyUI Instances in Active Campaign

Summary

An active cryptomining botnet campaign is targeting over 1,000 internet-exposed instances of ComfyUI, a Stable Diffusion platform. The campaign uses a Python scanner to exploit vulnerabilities and install malicious nodes via ComfyUI-Manager.

Key Points

  • Over 1,000 ComfyUI instances have been targeted in a cryptomining botnet campaign.
  • The campaign uses a purpose-built Python scanner to identify and exploit vulnerable instances.
  • Malicious nodes are automatically installed via ComfyUI-Manager if no exploitable node is found.
  • The campaign specifically targets major cloud IP ranges.

Analysis

This campaign highlights the ongoing threat posed by cryptomining botnets, which exploit exposed and vulnerable systems to mine cryptocurrency. The use of a Python scanner to automate the identification and exploitation of ComfyUI instances underscores the sophistication and scale of modern cyber threats. IT professionals must be vigilant in securing cloud-based services and platforms.

Conclusion

IT professionals should ensure that ComfyUI instances are not exposed to the internet without proper security measures. Regularly updating and patching systems, along with monitoring for unusual activity, can mitigate the risk of exploitation by such botnet campaigns.