Over 1,000 Exposed ComfyUI Instances Targeted in Cryptomining Botnet Campaign

An active botnet campaign is targeting internet-exposed ComfyUI instances, a popular stable diffusion platform, to enroll them in a cryptocurrency mining and proxy network. The attackers employ a purpose-built Python scanner that continuously sweeps major cloud IP ranges searching for vulnerable targets. Upon finding an exposed instance, the malware automatically installs malicious nodes via ComfyUI-Manager if no compromised node already exists. Organizations running ComfyUI should immediately restrict access to management interfaces, implement strong authentication, monitor for unauthorized cryptocurrency mining processes, and ensure proper network segmentation to prevent lateral movement.

An active campaign has been observed targeting internet-exposed instances running ComfyUI, a popular stable diffusion platform, to enlist them into a cryptocurrency mining and proxy botnet. "A purpose-built Python scanner continuously sweeps major cloud IP ranges for vulnerable targets, automatically installing malicious nodes via ComfyUI-Manager if no exploitable node is already

An active botnet campaign is targeting internet-exposed ComfyUI instances, a popular stable diffusion platform, to enroll them in a cryptocurrency mining and proxy network. The attackers employ a purpose-built Python scanner that continuously sweeps major cloud IP ranges searching for vulnerable targets. Upon finding an exposed instance, the malware automatically installs malicious nodes via ComfyUI-Manager if no compromised node already exists. Organizations running ComfyUI should immediately restrict access to management interfaces, implement strong authentication, monitor for unauthorized cryptocurrency mining processes, and ensure proper network segmentation to prevent lateral movement. An active campaign has been observed targeting internet-exposed instances running ComfyUI, a popular stable diffusion platform, to enlist them into a cryptocurrency mining and proxy botnet. "A purpose-built Python scanner continuously sweeps major cloud IP ranges for vulnerable targets, automatically installing malicious nodes via ComfyUI-Manager if no exploitable node is already An active campaign has been observed targeting internet-exposed instances running ComfyUI, a popular stable diffusion platform, to enlist them into a cryptocurrency mining and proxy botnet. "A purpose-built Python scanner continuously sweeps major cloud IP ranges for vulnerable targets, automatically installing malicious nodes via ComfyUI-Manager if no exploitable node is already