Over 1,000 Exposed ComfyUI Instances Targeted in Cryptomining Botnet Campaign
Summary
Threat actors are actively targeting internet-exposed instances of ComfyUI, a popular Stable Diffusion platform, to incorporate them into a cryptocurrency mining and proxy botnet. A custom Python scanner identifies and compromises these instances, installing malicious nodes through ComfyUI-Manager.
IFF Assessment
This campaign is a direct threat to system owners: compromised hosts have their resources diverted to cryptomining and proxying, and the campaign demonstrates successful exploitation of a popular platform.
Defender Context
Defenders should prioritize securing internet-facing instances of ComfyUI, ensuring strong access controls and patching any known vulnerabilities. Monitoring for unusual network activity and resource consumption on these platforms can help detect and mitigate such botnet infections.
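Because the campaign installs malicious nodes through ComfyUI-Manager, one host-side check is to audit the installed node packages against a reviewed allowlist. The following is an added example, not code from the original report. It assumes node packages live in the `custom_nodes` directory of the ComfyUI installation; the allowlist, baseline timestamp and node names other than ComfyUI-Manager are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

def newest_mtime(path):
    """Latest modification time of a file, or of any file under a directory."""
    if path.is_file():
        return path.stat().st_mtime
    times = [p.stat().st_mtime for p in path.rglob("*") if p.is_file()]
    return max(times, default=path.stat().st_mtime)

def audit_custom_nodes(custom_nodes_dir, allowlist, baseline_ts):
    """Flag node packages that are unapproved or were changed after the baseline."""
    findings = []
    for entry in sorted(Path(custom_nodes_dir).iterdir()):
        # Only directories and .py files are treated as node packages here.
        if entry.name == "__pycache__" or (entry.is_file() and entry.suffix != ".py"):
            continue
        if entry.name not in allowlist:
            findings.append((entry.name, "not-in-allowlist"))
        elif newest_mtime(entry) > baseline_ts:
            findings.append((entry.name, "modified-after-baseline"))
    return findings

def build_sample_tree(root, baseline_ts):
    """Constructed sample data: three node packages with controlled mtimes."""
    layout = {
        "ComfyUI-Manager/__init__.py": baseline_ts - 3600,  # approved, untouched
        "approved-node/__init__.py": baseline_ts - 3600,    # approved ...
        "approved-node/extra.py": baseline_ts + 60,         # ... but changed later
        "unreviewed-node/__init__.py": baseline_ts + 120,   # never approved
    }
    for rel, mtime in layout.items():
        f = Path(root) / rel
        f.parent.mkdir(parents=True, exist_ok=True)
        f.write_text("# constructed placeholder\n")
        os.utime(f, (mtime, mtime))

if __name__ == "__main__":
    baseline = 1_700_000_000  # constructed: time of the last reviewed deployment
    approved = {"ComfyUI-Manager", "approved-node"}
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp, baseline)
        for name, reason in audit_custom_nodes(tmp, approved, baseline):
            print(f"{name}: {reason}")
```

A finding is a prompt for review, not proof of compromise: legitimate updates also change files after the baseline.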