
ComfyUI Instances Hijacked for Cryptomining and Proxy Botnet
Why It Matters
The abuse turns AI infrastructure into a revenue‑generating weapon, draining compute resources and exposing organizations to legal and reputational risk. It also signals a broader shift toward weaponizing open‑source AI tools for cybercrime.
Key Takeaways
- Over 1,000 ComfyUI instances exposed online were compromised
- Attackers use a custom Python scanner to exploit unauthenticated deployments
- Hijacked servers mine Monero and Conflux via XMRig and lolMiner
- Botnet employs a Hysteria V2 proxy, managed through a Flask C2 dashboard
Pulse Analysis
The rapid adoption of AI‑driven interfaces like ComfyUI has created a sprawling attack surface. While the platform simplifies model deployment for developers, many users expose instances with the default configuration left unchanged, which allows unauthenticated access. This lax security posture is attractive to cybercriminals, who can automate discovery across cloud providers and turn benign compute nodes into profit centers without the victim's knowledge.
The current operation relies on a bespoke Python scanner that probes IP ranges for open ComfyUI endpoints. Once a vulnerable instance is found, the attackers inject malicious nodes through the ComfyUI‑Manager extension, which gives them remote code execution. The compromised machines then run XMRig and lolMiner to mine Monero and Conflux, cryptocurrencies prized for their privacy features. Simultaneously, the servers are enrolled in a Hysteria V2 proxy botnet, coordinated via a Flask‑based command‑and‑control panel that can route traffic, hide malicious activity, and even sabotage rival miners.
For enterprises and cloud users, the incident is a cautionary tale about the hidden costs of open‑source AI tools. Organizations should enforce strict authentication, isolate AI workloads in private subnets, and employ continuous vulnerability scanning. Monitoring for unusual CPU spikes or outbound mining traffic can reveal early signs of compromise. As attackers increasingly weaponize AI platforms, proactive hardening and real‑time threat intelligence become essential components of a resilient security strategy.
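As an added example (not code from the article or from ComfyUI), the following Python heuristics implement the monitoring advice above: they parse constructed `ps` and `ss` listings embedded in the script and flag miner command lines, the Hysteria proxy client, sustained CPU spikes and outbound connections to pool ports. The pool port list and the CPU threshold are assumptions chosen for the demonstration.

```python
import re
# Indicators from the report: miner binaries, the Hysteria proxy client, the stratum scheme.
MINER_NAMES = ("xmrig", "lolminer")
PROXY_NAMES = ("hysteria",)
STRATUM_RE = re.compile(r"stratum\+(?:tcp|ssl)://", re.I)
POOL_PORTS = {3333, 4444, 5555, 14444}  # assumption: ports commonly used by mining pools
CPU_SPIKE = 80.0                        # assumption: percent CPU treated as a spike
# Constructed sample of `ps -eo pid,user,pcpu,args` on a ComfyUI host (not real data).
PS_SAMPLE = """\
  PID USER     %CPU COMMAND
  812 comfy     3.1 python3 main.py --listen 0.0.0.0 --port 8188
 2190 comfy    97.4 /tmp/.x/xmrig -o stratum+tcp://pool.invalid:3333 -u WALLET_PLACEHOLDER
 2233 comfy    12.0 /tmp/.x/hysteria client -c /tmp/.x/c.yaml
 2260 comfy    91.0 /tmp/.x/worker
 2301 root      0.2 sshd: /usr/sbin/sshd -D
"""
# Constructed sample of `ss -tnp` on the same host (not real data).
SS_SAMPLE = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port  Process
ESTAB  0      0      10.0.0.5:51222     203.0.113.10:3333  users:(("xmrig",pid=2190,fd=4))
ESTAB  0      0      10.0.0.5:51230     203.0.113.11:443   users:(("hysteria",pid=2233,fd=7))
ESTAB  0      0      10.0.0.5:8188      10.0.0.9:40012     users:(("python3",pid=812,fd=12))
"""

def scan_processes(ps_text):
    """Return (pid, reason) for each process matching a miner, proxy or CPU heuristic."""
    hits = []
    for line in ps_text.splitlines()[1:]:  # skip the header row
        fields = line.split(None, 3)
        if len(fields) < 4:
            continue
        pid, _user, cpu, cmd = fields
        low = cmd.lower()
        if any(n in low for n in MINER_NAMES) or STRATUM_RE.search(cmd):
            hits.append((int(pid), "miner command line"))
        elif any(n in low for n in PROXY_NAMES):
            hits.append((int(pid), "proxy client"))
        elif float(cpu) >= CPU_SPIKE and "main.py" not in low:
            hits.append((int(pid), "sustained cpu spike"))  # ComfyUI itself may legitimately peg the CPU
    return hits

def scan_connections(ss_text):
    """Return (pid, reason) for established connections to a known pool port."""
    hits = []
    for line in ss_text.splitlines()[1:]:
        m = re.search(r':(\d+)\s+users:\(\("([^"]+)",pid=(\d+)', line)
        if m and int(m.group(1)) in POOL_PORTS:
            hits.append((int(m.group(3)), f"{m.group(2)} connected to pool port {m.group(1)}"))
    return hits

def suspicious_pids(ps_text=PS_SAMPLE, ss_text=SS_SAMPLE):
    return sorted({pid for pid, _ in scan_processes(ps_text) + scan_connections(ss_text)})
```

Run the two scans against live `ps` and `ss` output on a schedule and alert when `suspicious_pids` is non-empty; a hit on the stratum or pool-port rule is a far stronger signal than the CPU rule alone.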