{"id":523,"date":"2026-04-07T13:26:46","date_gmt":"2026-04-07T13:26:46","guid":{"rendered":"https:\/\/thedigitalfortress.us\/?p=523"},"modified":"2026-04-07T13:26:46","modified_gmt":"2026-04-07T13:26:46","slug":"over-1000-exposed-comfyui-instances-targeted-in-cryptomining-botnet-campaign","status":"publish","type":"post","link":"https:\/\/thedigitalfortress.us\/?p=523","title":{"rendered":"Over 1,000 Exposed ComfyUI Instances Targeted in Cryptomining Botnet Campaign"},"content":{"rendered":"
\n
<\/a><\/div>\n

An active campaign has been observed targeting internet-exposed instances running ComfyUI, a popular stable diffusion platform, to enlist them into a cryptocurrency mining and proxy\u00a0botnet.<\/p>\n

\u00abA purpose-built Python scanner continuously sweeps major cloud IP ranges for vulnerable targets, automatically installing malicious nodes\u00a0via ComfyUI-Manager<\/a> if no exploitable node is already present,\u00bb Censys security researcher Mark\u00a0Ellzey said<\/a> in a report published\u00a0Monday.<\/p>\n

The attack activity, at its core, systemically scans for exposed ComfyUI instances and exploits a misconfiguration that allows remote code execution on unauthenticated deployments\u00a0through custom\u00a0nodes<\/a>.<\/p>\n

Upon successful exploitation, the compromised hosts are added to a cryptomining operation that mines Monero via XMRig and Conflux via lolMiner, as well as to a Hysteria V2 botnet. Both\u00a0of them are centrally managed through a Flask-based command-and-control (C2) dashboard.<\/p>\n

Data from the attack surface management platforms shows that there are more\u00a0than 1,000 publicly-accessible ComfyUI\u00a0instances<\/a>. While\u00a0not a huge number, it’s sufficient for a threat actor to run opportunistic campaigns to reap financial\u00a0gains.<\/p>\n

Censys said it discovered the campaign last month after identifying an open directory\u00a0on 77.110.96[.]200<\/a>, an IP address associated with a bulletproofing hosting services\u00a0provider, Aeza\u00a0Group. The\u00a0directory is said to have contained a previously undocumented set of tools to pull off the\u00a0attacks.<\/p>\n

\n
\"Cybersecurity\"<\/a><\/div>\n<\/div>\n

This includes two reconnaissance tools to enumerate exposed ComfyUI instances across cloud infrastructure, identify those that have ComfyUI-Manager installed, and shortlist those that are susceptible to the code execution\u00a0exploit.<\/p>\n

One of the two scanner Python scripts also functions as an exploitation framework that weaponizes ComfyUI’s custom nodes to achieve code execution. This\u00a0technique, some aspects of which\u00a0were documented<\/a> by Snyk in December 2024, takes advantage of the fact that some custom nodes accept raw Python code as input and run it directly without requiring any authentication.<\/p>\n

<\/p>\n

As a result, an attacker can scan exposed ComfyUI instances for specific custom node families that support arbitrary code execution, effectively turning the service into a channel for delivering attacker-controlled Python payloads. Some\u00a0of the custom node families that the attack particularly looks for are listed below\u00a0–<\/p>\n