Cryptomining Botnet Hijacks Over 1,000 Exposed ComfyUI AI Instances
What Happened – Threat actors deployed a Python‑based scanner that sweeps large cloud IP blocks for internet‑exposed instances of ComfyUI, a popular Stable Diffusion UI. When an unprotected instance is found, the scanner automatically installs a malicious node via the ComfyUI‑Manager component, enrolling the host in a cryptocurrency‑mining and proxy botnet. Over 1,000 such instances have been confirmed compromised.
Why It Matters for TPRM –
- Unsecured third‑party AI services can be weaponised, driving unexpected compute costs and degrading performance for your organization.
- Compromised nodes may be used as stepping stones for broader attacks against your supply chain or data assets.
- The campaign highlights the need for strict configuration and continuous monitoring of cloud‑exposed vendor tools.
Who Is Affected – SaaS AI/ML platforms, cloud hosting providers, enterprises that deploy ComfyUI for internal or customer‑facing image generation, and any downstream services that rely on those instances.
Recommended Actions –
- Inventory all ComfyUI deployments across your vendor ecosystem.
- Verify that instances are not publicly reachable; enforce network segmentation and firewall rules.
- Patch or upgrade ComfyUI‑Manager to the latest version and disable unnecessary remote APIs.
- Implement continuous scanning for exposed ports and anomalous mining activity.
- Require vendors to provide evidence of secure configuration and monitoring controls.
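As an added example (not code from the article, from ComfyUI or from ComfyUI-Manager), the following Python check supports the "not publicly reachable" and "continuous scanning" actions above: it reads reverse-proxy access logs for a ComfyUI instance, flags requests arriving from outside your internal address ranges, and singles out custom-node install requests among them, which is the enrolment step this campaign relies on. The log lines are constructed, and the ComfyUI-Manager install route names are an assumption to adjust for the Manager version you run.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample reverse-proxy access log (Common Log Format) in front of a
# ComfyUI host; IPs are documentation-range addresses and timestamps are made up.
SAMPLE_LOG = """\
10.20.30.40 - - [12/Jun/2025:09:01:02 +0000] "GET /system_stats HTTP/1.1" 200 512
10.20.30.40 - - [12/Jun/2025:09:01:05 +0000] "POST /prompt HTTP/1.1" 200 88
203.0.113.7 - - [12/Jun/2025:09:03:17 +0000] "GET /system_stats HTTP/1.1" 200 512
203.0.113.7 - - [12/Jun/2025:09:03:18 +0000] "POST /customnode/install HTTP/1.1" 200 40
198.51.100.9 - - [12/Jun/2025:09:04:40 +0000] "POST /manager/queue/install HTTP/1.1" 200 40
"""

# Address ranges you treat as internal; any other source means the instance is
# reachable from the internet (the misconfiguration behind this campaign).
INTERNAL_NETS = [ipaddress.ip_network(c) for c in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

# Assumed ComfyUI-Manager custom-node install routes: route names vary between
# Manager versions, so check the one you run and adjust this pattern.
INSTALL_PATH_RE = re.compile(r"^/(customnode/install|manager/queue/install)(\?|$)")
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')

def parse_line(line):
    """Parse one CLF line into a dict; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    src, ts, method, path, status = m.groups()
    return {"src": src, "ts": ts, "method": method, "path": path, "status": int(status)}

def analyse(log_text):
    """Return external source IPs with hit counts and their requests to install routes."""
    external_sources, external_installs = Counter(), []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        try:
            ip = ipaddress.ip_address(rec["src"])
        except ValueError:  # source is not an IP literal (e.g. a hostname)
            continue
        if any(ip in net for net in INTERNAL_NETS):
            continue  # internal traffic is expected; only external reach is a finding
        external_sources[rec["src"]] += 1
        if rec["method"] == "POST" and INSTALL_PATH_RE.match(rec["path"]):
            external_installs.append(rec)
    return {"external_sources": dict(external_sources), "external_installs": external_installs}
```

Any non-empty `external_sources` result means the instance is not isolated as required; a non-empty `external_installs` list is evidence that should trigger incident response on that host.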
Technical Notes – The attack leverages a misconfiguration (publicly exposed HTTP endpoints) rather than a known CVE. The malicious payload is delivered through the ComfyUI‑Manager script, which runs with the same privileges as the UI service, allowing the attacker to install crypto‑miner binaries and proxy services.
Source: The Hacker News