{"id":45191,"date":"2026-04-07T23:14:15","date_gmt":"2026-04-07T15:14:15","guid":{"rendered":"https:\/\/nuoya.nuoyayasuo.top\/index.php\/2026\/04\/07\/over-1000-exposed-comfyui-instances-targeted-in-cryptomining-botnet-campaign\/"},"modified":"2026-04-07T23:14:15","modified_gmt":"2026-04-07T15:14:15","slug":"over-1000-exposed-comfyui-instances-targeted-in-cryptomining-botnet-campaign","status":"publish","type":"post","link":"https:\/\/nuoya.nuoyayasuo.top\/index.php\/2026\/04\/07\/over-1000-exposed-comfyui-instances-targeted-in-cryptomining-botnet-campaign\/","title":{"rendered":"Over 1,000 Exposed ComfyUI Instances Targeted in Cryptomining Botnet Campaign"},"content":{"rendered":"<div style=\"clear: both;\"><a href=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiNAquH2CuNdKvNbKqIsmTqg2Rpb5SRn8zxBKdQliREzpq_Byd0ye0aD8IFVa1JUj09QnQVJVnAVET30DX0jRBK1LBXJ-16QC_GoiYDH2ibCfoYcttx3McOurmn9e4cSugeNgEQa-oVqR13I9K1h6ktgggudmT3u88I_iN_ksHQvuS2N0u0uGlUNTW_Tv9l\/s1600\/compfyui.jpg\" style=\"display: block; padding: 1em 0; text-align: center; clear: left; float: left;\"><img decoding=\"async\" border=\"0\" data-original-height=\"470\" data-original-width=\"900\" src=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiNAquH2CuNdKvNbKqIsmTqg2Rpb5SRn8zxBKdQliREzpq_Byd0ye0aD8IFVa1JUj09QnQVJVnAVET30DX0jRBK1LBXJ-16QC_GoiYDH2ibCfoYcttx3McOurmn9e4cSugeNgEQa-oVqR13I9K1h6ktgggudmT3u88I_iN_ksHQvuS2N0u0uGlUNTW_Tv9l\/s1600\/compfyui.jpg\" alt=\"Over 1,000 Exposed ComfyUI Instances Targeted in Cryptomining Botnet Campaign\"\/><\/a><\/div>\n<p>An active campaign has been observed targeting internet-exposed instances running ComfyUI, a popular stable diffusion platform, to enlist them into a cryptocurrency mining and proxy&nbsp;botnet.<\/p>\n<p>&#8220;A purpose-built Python scanner continuously sweeps major cloud IP ranges for vulnerable targets, automatically installing malicious nodes&nbsp;via <a 
href=\"https:\/\/github.com\/Comfy-Org\/ComfyUI-Manager\">ComfyUI-Manager<\/a> if no exploitable node is already present,&#8221; Censys security researcher Mark&nbsp;Ellzey <a href=\"https:\/\/censys.com\/blog\/comfyui-servers-cryptomining-proxy-botnet\/\">said<\/a> in a report published&nbsp;Monday.<\/p>\n<p>The attack activity, at its core, systematically scans for exposed ComfyUI instances and exploits a misconfiguration that allows remote code execution on unauthenticated deployments&nbsp;through <a href=\"https:\/\/docs.comfy.org\/development\/core-concepts\/nodes\">custom&nbsp;nodes<\/a>.<\/p>\n<p>Upon successful exploitation, the compromised hosts are added to a cryptomining operation that mines Monero via XMRig and Conflux via lolMiner, as well as to a Hysteria V2 botnet. Both&nbsp;of them are centrally managed through a Flask-based command-and-control (C2) dashboard.<\/p>\n<p>Data from the attack surface management platform shows that there are more&nbsp;than <a href=\"https:\/\/platform.censys.io\/search?q=%28host.services.endpoints.http.html_tags+%3D+%22%3Ctitle%3EComfyUI%3C%2Ftitle%3E%22%29+and+not+host.services.labels.value+%3D+%22HONEYPOT%22\">1,000 publicly accessible ComfyUI&nbsp;instances<\/a>. While&nbsp;not a huge number, it&#8217;s sufficient for a threat actor to run opportunistic campaigns to reap financial&nbsp;gains.<\/p>\n<p>Censys said it discovered the campaign last month after identifying an open directory&nbsp;on <a href=\"https:\/\/platform.censys.io\/hosts\/77.110.96.200\">77.110.96[.]200<\/a>, an IP address associated with a bulletproof hosting services&nbsp;provider, <a href=\"https:\/\/thehackernews.com\/2025\/07\/us-sanctions-russian-bulletproof.html\">Aeza&nbsp;Group<\/a>.
The&nbsp;directory is said to have contained a previously undocumented set of tools to pull off the&nbsp;attacks.<\/p>\n<p>This includes two reconnaissance tools to enumerate exposed ComfyUI instances across cloud infrastructure, identify those that have ComfyUI-Manager installed, and shortlist those that are susceptible to the code execution&nbsp;exploit.<\/p>\n<p>One of the two scanner Python scripts also functions as an exploitation framework that weaponizes ComfyUI&#8217;s custom nodes to achieve code execution. This&nbsp;technique, some aspects of which&nbsp;were <a href=\"https:\/\/labs.snyk.io\/resources\/hacking-comfyui-through-custom-nodes\/\">documented<\/a> by Snyk in December 2024, takes advantage of the fact that some custom nodes accept raw Python code as input and run it directly without requiring any authentication.<\/p>\n<p>As a result, an attacker can scan exposed ComfyUI instances for specific custom node families that support arbitrary code execution, effectively turning the service into a channel for delivering attacker-controlled Python payloads. Some&nbsp;of the custom node families that the attack particularly looks for are listed below&nbsp;&#8211;<\/p>\n<ul>\n<li>Vova75Rus\/ComfyUI-Shell-Executor<\/li>\n<li>filliptm\/ComfyUI_Fill-Nodes<\/li>\n<li>seanlynch\/srl-nodes<\/li>\n<li>ruiqutech\/ComfyUI-RuiquNodes<\/li>\n<\/ul>\n<p>&#8220;If none of the target nodes are present, the scanner checks whether ComfyUI-Manager is installed,&#8221; Censys said.
&#8220;If available, it installs a vulnerable node package itself, then retries exploitation.&#8221;<\/p>\n<div style=\"clear: both;\"><a href=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEikaVhRPaXUbrhU-MsUlf2VqYKxmkD2cdWgOQWGit4H0bQJs5cgpHvy4QP-R8NNC2BGbAotVgtU6ZS_xf7LOAaAVweLeqb64fdwB-AHQv_nUPxhE1Gq3GShLWWfuTWkEEXvjXKAN2aczToCWLsoNlfM1axgUGJXPHNB0VMgujHwfZgwGr5ZeJcX4FPSEfVV\/s1600\/kry.png\" style=\"clear: left; display: block; float: left; padding: 1em 0px; text-align: center;\"><img decoding=\"async\" border=\"0\" data-original-height=\"969\" data-original-width=\"1191\" src=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEikaVhRPaXUbrhU-MsUlf2VqYKxmkD2cdWgOQWGit4H0bQJs5cgpHvy4QP-R8NNC2BGbAotVgtU6ZS_xf7LOAaAVweLeqb64fdwB-AHQv_nUPxhE1Gq3GShLWWfuTWkEEXvjXKAN2aczToCWLsoNlfM1axgUGJXPHNB0VMgujHwfZgwGr5ZeJcX4FPSEfVV\/s1600\/kry.png\" alt=\"Over 1,000 Exposed ComfyUI Instances Targeted in Cryptomining Botnet Campaign\" \/><\/a><\/div>\n<p>It&#8217;s worth noting that &#8220;ComfyUI-Shell-Executor&#8221; is a malicious package created by the attacker to fetch a next-stage shell script (&#8220;ghost.sh&#8221;) from the aforementioned IP address. 
Once&nbsp;code execution is obtained, the scanner removes evidence of the exploit by clearing the ComfyUI prompt&nbsp;history.<\/p>\n<p>A newer version of the scanner also incorporates persistence mechanisms that cause the shell script to be downloaded every six hours and the exploit workflow to be re-executed every time ComfyUI is&nbsp;started.<\/p>\n<p>The shell script, for its part, disables shell history, kills competing miners, launches the miner process, and uses&nbsp;the <a href=\"https:\/\/thehackernews.com\/2023\/03\/cryptojacking-group-teamtnt-suspected.html\">LD_PRELOAD<\/a> hook to hide a watchdog process that ensures the miner process is revived in the event it gets terminated.<\/p>\n<p>In addition, the miner program is copied to multiple locations so that even if the primary install directory gets wiped, it can be launched from one of the fallback locations. A&nbsp;third persistence mechanism is the use of the&nbsp;&#8220;<a href=\"https:\/\/man7.org\/linux\/man-pages\/man1\/chattr.1.html\">chattr&nbsp;+i<\/a>&#8221; command to lock the miner binaries and prevent them from being deleted, modified, or renamed, even by the root&nbsp;user.<\/p>\n<p>&#8220;There is also dedicated code targeting a specific competitor, &#8216;Hisana&#8217; (which is referenced throughout the code), which appears to be another mining botnet,&#8221; Censys explained.
&#8220;Rather than just killing it, ghost.sh&nbsp;overwrites its configuration to redirect Hisana&#8217;s mining output to its own wallet address, then occupies Hisana&#8217;s C2 port (10808) with a dummy Python listener so Hisana can&#8217;t&nbsp;restart.&#8221;<\/p>\n<p>The infected hosts are commandeered by means of a Flask-based C2 panel, which allows the operator to push instructions or deploy additional payloads, including a shell script that installs Hysteria V2 with the likely goal of selling compromised nodes as&nbsp;proxies.&nbsp;<\/p>\n<p>Further analysis of the attacker&#8217;s shell command history has revealed an SSH login attempt as root to the IP&nbsp;address <a href=\"https:\/\/www.virustotal.com\/gui\/ip-address\/120.241.40.237\/detection\">120.241.40[.]237<\/a>, which has been linked to&nbsp;an <a href=\"https:\/\/censys.com\/blog\/databases-exposed-redis\/\">ongoing worm&nbsp;campaign<\/a> targeting exposed Redis database&nbsp;servers.<\/p>\n<p>&#8220;Much of the tooling in this repository appears hastily assembled, and the overall tactics and techniques might initially suggest unsophisticated activity,&#8221; Censys said. 
&#8220;Specifically, the operator identifies exposed ComfyUI instances running custom nodes, determines which of those nodes expose unsafe functionality, and then uses them as a pathway to remote code execution.&#8221;<\/p>\n<p>&#8220;The infrastructure accessed by the operator further supports the idea that this activity is part of a broader campaign focused on discovering and exploiting exposed services, followed by the deployment of custom tooling for persistence, scanning, or monetization.&#8221;<\/p>\n<p>The discovery coincides with the emergence of multiple botnet campaigns in recent weeks&nbsp;&#8211;<\/p>\n<ul>\n<li>Exploitation of <a href=\"https:\/\/thehackernews.com\/2026\/03\/weekly-recap-sd-wan-0-day-critical-cves.html#:~:text=Zerobot%20Exploits%20Flaws%20in%20n8n%20and%20Tenda%20Routers\">command injection vulnerabilities<\/a> in n8n (<a href=\"https:\/\/thehackernews.com\/2026\/03\/cisa-flags-actively-exploited-n8n-rce.html\">CVE-2025-68613<\/a>) and Tenda AC1206 routers (<a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-7544\">CVE-2025-7544<\/a>) to <a href=\"https:\/\/www.intel471.com\/blog\/cve-2025-68613-zerobot-botnet-exploits-critical-vulnerability-impacting-n8n-ai-orchestration-platform\">add them<\/a> to a Mirai-based botnet known as <a href=\"https:\/\/thehackernews.com\/2022\/12\/zerobot-botnet-emerges-as-growing.html\">Zerobot<\/a>.<\/li>\n<li>Exploitation of <a href=\"https:\/\/www.vulncheck.com\/blog\/return-of-the-kinsing\">vulnerabilities<\/a> in Apache ActiveMQ (<a href=\"https:\/\/thehackernews.com\/2023\/11\/new-poc-exploit-for-apache-activemq.html\">CVE-2023-46604<\/a>), Metabase (<a href=\"https:\/\/thehackernews.com\/2023\/07\/major-security-flaw-discovered-in.html\">CVE-2023-38646<\/a>), and React Server Components (<a href=\"https:\/\/thehackernews.com\/2026\/04\/hackers-exploit-cve-2025-55182-to.html\">CVE-2025-55182<\/a> aka React2Shell) to deliver <a 
href=\"https:\/\/thehackernews.com\/2024\/05\/kinsing-hacker-group-exploits-more.html\">Kinsing<\/a>, a persistent malware used for cryptocurrency mining and launching Distributed Denial of Service (DDoS) attacks.<\/li>\n<li>Exploitation of a suspected zero-day vulnerability in fnOS Network Attached Storage (NAS) to target internet-exposed systems and implant them with a DDoS malware called <a href=\"https:\/\/blog.xlab.qianxin.com\/netdragon\/\">Netdragon<\/a>. &#8220;NetDragon establishes an HTTP backdoor interface on compromised devices, enabling attackers to remotely access and control the infected systems,&#8221; QiAnXin XLab said. &#8220;It tampers with the &#8216;hosts&#8217; file to hijack the official Feiniu NAS system update domains, effectively preventing devices from obtaining system updates and security patches.&#8221;<\/li>\n<li>Expansion of <a href=\"https:\/\/thehackernews.com\/2026\/03\/threatsday-bulletin-oauth-trap-edr.html#botnet-exploiting-174-flaws\">RondoDox<\/a>&#8217;s exploit list to 174 different vulnerabilities, while shifting the attack methodology from a &#8220;shotgun approach&#8221; to more targeted and recent flaws that are more likely to lead to infections.<\/li>\n<li>Exploitation of <a href=\"https:\/\/eclypsium.com\/blog\/condibot-monaco-malware-network-infrastructure\/\">known security vulnerabilities<\/a> to deploy a new variant of <a href=\"https:\/\/thehackernews.com\/2025\/03\/ballista-botnet-exploits-unpatched-tp.html\">Condi<\/a>, a Linux malware that turns compromised Linux devices into bots capable of conducting DDoS attacks. The&nbsp;binary references a string &#8220;QTXBOT,&#8221; either indicating the name of the forked version or the internal project name.<\/li>\n<li>Brute-force attacks against SSH servers to launch an XMRig miner and generate illicit cryptocurrency revenue as part of an active cryptojacking operation called Monaco.
Weak&nbsp;SSH passwords have also been <a href=\"https:\/\/isc.sans.edu\/diary\/32708\">used as attack pathways<\/a> to deploy malware that establishes persistence, kills competing miners, connects to an external server, and performs a ZMap scan to propagate the malware in a worm-like fashion to other vulnerable hosts.<\/li>\n<\/ul>\n<p>&#8220;Botnet activity has surged over the last year, with Spamhaus noting 26% and 24% increases in the two six-month periods Jan &#8211; Jun 2025 and Jul &#8211; Dec 2025, respectively,&#8221;&nbsp;Pulsedive <a href=\"https:\/\/blog.pulsedive.com\/the-operations-of-the-swarm-inside-the-complex-world-of-mirai-based-botnets\/\">said<\/a>.<\/p>\n<p>&#8220;This increase is associated with bots and nodes appearing in the United States. The&nbsp;increase also stems from the availability of source code for botnets such as Mirai. Mirai&nbsp;offshoots and variants are responsible for some of the largest DDoS attacks by&nbsp;volume.&#8221;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>An active campaign has been observed targeting internet-exposed instances running ComfyUI, a popular stable diffusion platform, to enlist them into a cryptocurrency mining and proxy&nbsp;botnet.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[],"class_list":["post-45191","post","type-post","status-publish","format-standard","hentry","category-thehackernews"],"_links":{"self":[{"href":"https:\/\/nuoya.nuoyayasuo.top\/index.php\/wp-json\/wp\/v2\/posts\/45191","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nuoya.nuoyayasuo.top\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nuoya.nuoyayasuo.top\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nuoya.nuoyayasuo.top\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/nuoya.nuoyayasuo.top\/index.php\/wp-json\/wp\/v2\/comments?post=45191"}],"version-history":[{"count":0,"href":"https:\/\/nuoya.nuoyayasuo.top\/index.php\/wp-json\/wp\/v2\/posts\/45191\/revisions"}],"wp:attachment":[{"href":"https:\/\/nuoya.nuoyayasuo.top\/index.php\/wp-json\/wp\/v2\/media?parent=45191"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nuoya.nuoyayasuo.top\/index.php\/wp-json\/wp\/v2\/categories?post=45191"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nuoya.nuoyayasuo.top\/index.ph
p\/wp-json\/wp\/v2\/tags?post=45191"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}