Over 1,000 Exposed ComfyUI Instances Targeted in Cryptomining Botnet Campaign

Over 1,000 Exposed ComfyUI Instances Targeted in Cryptomining Botnet Campaign Ravie LakshmananApr 07, 2026Cloud Security / Malware An active campaign has been observed targeting internet-exposed instances running ComfyUI, a popular stable diffusion platform, to enlist them into a cryptocurrency mining and proxy botnet. "A purpose-built Python scanner continuously sweeps major cloud IP ranges for vulnerable targets, automatically installing malicious nodes via ComfyUI-Manager if no exploitable node is already present," Censys security researcher Mark Ellzey said in a report published Monday. The attack activity, at its core, systemically scans for exposed ComfyUI instances and exploits a misconfiguration that allows remote code execution on unauthenticated deployments through custom nodes. Upon successful exploitation, the compromised hosts are added to a cryptomining operation that mines Monero via XMRig and Conflux via lolMiner, as well as to a Hysteria V2 botnet. Both of them are centrally managed through a Flask-based command-and-control (C2) dashboard. Data from the attack surface management platforms shows that there are more than 1,000 publicly-accessible ComfyUI instances. While not a huge number, it's sufficient for a threat actor to run opportunistic campaigns to reap financial gains. Censys said it discovered the campaign last month after identifying an open directory on 77.110.96[.]200, an IP address associated with a bulletproofing hosting services provider, Aeza Group. The directory is said to have contained a previously undocumented set of tools to pull off the attacks. This includes two reconnaissance tools to enumerate exposed ComfyUI instances across cloud infrastructure, identify those that have ComfyUI-Manager installed, and shortlist those that are susceptible to the code execution exploit. One of the two scanner Python scripts also functions as an exploitation framework that weaponizes ComfyUI's custom nodes to achieve code execution. This technique, some aspects of which were documented by Snyk in December 2024, takes advantage of the fact that some custom nodes accept raw Python code as input and run it directly without requiring any authentication. As a result, an attacker can scan exposed ComfyUI instances for specific custom node families that support arbitrary code execution, effectively turning the service into a channel for delivering attacker-controlled Python payloads. Some of the custom node families that the attack particularly looks for are listed below - Vova75Rus/ComfyUI-Shell-Executor filliptm/ComfyUI_Fill-Nodes seanlynch/srl-nodes ruiqutech/ComfyUI-RuiquNodes "If none of the target nodes are present, the scanner checks whether ComfyUI-Manager is installed," Censys said. "If available, it installs a vulnerable node package itself, then retries exploitation." It's worth noting that "ComfyUI-Shell-Executor" is a malicious package created by the attacker to fetch a next-stage shell script ("ghost.sh") from the aforementioned IP address. Once code execution is obtained, the scanner removes evidence of the exploit by clearing the ComfyUI prompt history. A newer version of the scanner also incorporates persistence mechanisms that cause the shell script to be downloaded every six hours and the exploit workflow to be re-executed every time ComfyUI is started. The shell script, for its part, disables shell history, kills competing miners, launches the miner process, anduses the LD_PRELOAD hook to hide a watchdog process that ensures the miner process is revived in the event it gets terminated. In addition, the miner program is copied to multiple locations so that even if the primary install directory gets wiped, it can be launched from one of the fallback locations. A third mechanism the malware uses to ensure persistence is the use of the "chattr +i" command to lock the miner binaries and prevent them from being deleted, modified, or renamed, even by the root user. "There is also dedicated code targeting a specific competitor, 'Hisana' (which is referenced throughout the code), which appears to be another mining botnet," Censys explained. "Rather than just killing it, ghost.sh overwrites its configuration to redirect Hisana's mining output to its own wallet address, then occupies Hisana’s C2 port (10808) with a dummy Python listener so Hisana can't restart." The infected hosts are commandeered by means of a Flask-based C2 panel, which allows the operator to push instructions or deploy additional payloads, including a shell script that installs Hysteria V2 with the likely goal of selling compromised nodes as proxies.  Further analysis of the attacker's shell command history has revealed an SSH login attempt as root to the IP address 120.241.40[.]237, which has been linked to an ongoing worm campaign targeting exposed Redis database servers. "Much of the tooling in this repository appears hastily assembled, and the overall tactics and techniques might initially suggest unsophisticated activity," Censys said. "Specifically, the operator identifies exposed ComfyUI instances running custom nodes, determines which of those nodes expose unsafe functionality, and then uses them as a pathway to remote code execution." "The infrastructure accessed by the operator further supports the idea that this activity is part of a broader campaign focused on discovering and exploiting exposed services, followed by the deployment of custom tooling for persistence, scanning, or monetization." The discovery coincides with the emergence of multiple botnet campaigns in recent weeks - Exploitation of command injection vulnerabilities in n8n (CVE-2025-68613) and Tenda AC1206 routers (CVE-2025-7544) to add them to a Mirai-based botnet known as Zerobot. Exploitation of vulnerabilities in Apache ActiveMQ (CVE-2023-46604), Metabase (CVE-2023-38646), and React Server Components (CVE-2025-55182 aka React2Shell) to deliver Kinsing, a persistent malware used for cryptocurrency mining and launching Distributed Denial of Service (DDoS) attacks. Exploitation of a suspected zero-day vulnerability in fnOS Network Attached Storage (NAS) to target internet-exposed systems and implant them with a DDoS malware called Netdragon. "NetDragon establishes an HTTP backdoor interface on compromised devices, enabling attackers to remotely access and control the infected systems," QiAnXin XLab said. "It tampers with the 'hosts' file to hijack the official Feiniu NAS system update domains, effectively preventing devices from obtaining system updates and security patches." Expansion of RondoDox's exploit list to 174 different vulnerabilities, while shifting the attack methodology from a "shotgun approach" to more targeted and recent flaws that are more likely to lead to infections. Exploitation of known security vulnerabilities to deploy a new variant of Condi, a Linux malware that turns compromised linux devices into bots capable of conducting DDoS attacks. The binary references a string "QTXBOT," either indicating the name of the forked version or the internal project name. Brute-force attacks against SSH servers to launch an XMRig miner and generate illicit cryptocurrency revenue as part of an active cryptojacking operation called Monaco. Weak SSH passwords have also been used as attack pathways to deploy malware that establishes persistence, kills competing miners, connects to an external server, and performs a ZMap scan to propagate the malware in a worm-like fashion to other vulnerable hosts. "Botnet activity has surged over the last year, with Spauhaus noting 26% and 24% increases in the two six-month periods Jan - Jun 2025 and Jul - Dec 2025, respectively," Pulsedive said. "This increase is associated with bots and nodes appearing in the United States. The increase also stems from the availability of source code for botnets such as Mirai. Mirai offshoots and variants are responsible for some of the largest DDoS attacks by volume." Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post. SHARE     Tweet Share Share SHARE  botnet, Cloud security, Cryptomining, cybersecurity, ddos, Malware, Open Source, remote code execution Trending News FBI Warns Russian Hackers Target Signal, WhatsApp in Mass Phishing Attacks Google Adds 24-Hour Wait for Unverified App Sideloading to Reduce Malware and Scams TeamPCP Pushes Malicious Telnyx Versions to PyPI, Hides Stealer in WAV Files FCC Bans New Foreign-Made Routers Over Supply Chain and Cyber Risk Concerns 54 EDR Killers Use BYOVD to Exploit 35 Signed Vulnerable Drivers and Disable Security Citrix NetScaler Under Active Recon for CVE-2026-3055 (CVSS 9.3) Memory Overread Bug ThreatsDay Bulletin: PQC Push, AI Vuln Hunting, Pirated Traps, Phishing Kits and 20 More Stories CISA Adds CVE-2025-53521 to KEV After Active F5 BIG-IP APM Exploitation China-Linked Red Menshen Uses Stealthy BPFDoor Implants to Spy via Telecom Networks Citrix Urges Patching Critical NetScaler Flaw Allowing Unauthenticated Data Leaks ⚡ Weekly Recap: CI/CD Backdoor, FBI Buys Location Data, WhatsApp Ditches Numbers and More Coruna iOS Kit Reuses 2023 Triangulation Exploit Code in Recent Mass Attacks New Perseus Android Banking Malware Monitors Notes Apps to Extract Sensitive Data Apple Warns Older iPhones Vulnerable to Coruna, DarkSword Exploit Kit Attacks TeamPCP Backdoors LiteLLM Versions 1.82.7–1.82.8 via Trivy CI/CD Compromise Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets Popular Resources [Demo] Discover SaaS Risks and Monitor Every App in Your Environment Detect AI-Driven Threats Faster With Full Network Visibility [Guide] Learn How to Govern AI Agents With Proven Market Guidance SANS SEC401: Get Hands On Skills to Detect and Respond to Cyber Threats