Security researchers have identified an active campaign that has compromised more than 1,000 internet-exposed servers running ComfyUI, a popular graphical interface for AI image generation. The attackers are enlisting these vulnerable systems into a dual-purpose botnet that mines cryptocurrency and serves as proxy nodes.
The campaign, which is ongoing, utilizes a purpose-built Python scanner. This tool continuously sweeps major cloud internet protocol (IP) address ranges to locate ComfyUI instances that are publicly accessible without proper security controls.
Attack Methodology and Initial Access
When the scanner identifies a potential target, it attempts to deploy a malicious node automatically. The primary infection vector exploits the ComfyUI-Manager, a widely used plugin for installing custom nodes and workflows. If the system does not already have an exploitable node installed, the scanner forces the installation of a malicious one through this plugin mechanism.
Once established on a host, the malicious payload performs two key functions. First, it operates a cryptocurrency miner, consuming the victim’s computational resources, specifically graphics processing unit (GPU) power, to generate digital currency for the attackers. Second, it sets up a proxy service, turning the compromised machine into a relay point for other malicious traffic, which can be sold or used to obscure the origins of further cyberattacks.
Scope and Impact of the Campaign
The scale of the campaign is significant, with over a thousand instances confirmed as compromised. The targeting of cloud IP ranges suggests the attackers are focusing on misconfigured deployments on services from providers like Amazon Web Services, Google Cloud, and Microsoft Azure. These are often set up by developers or researchers for testing or public demonstration and then left unprotected.
ComfyUI is an open-source project that provides a modular interface for the Stable Diffusion AI image generation model. Its popularity in the AI and machine learning community has made it a frequent target. The ComfyUI-Manager plugin’s functionality, designed for convenience, is being weaponized to gain a foothold on systems.
Recommended Mitigations and Response
Security experts and the maintainers of ComfyUI strongly advise users not to expose their instances directly to the public internet. The standard recommendation is to place the application behind a virtual private network (VPN), a firewall, or an authentication gateway. If public access is absolutely necessary, implementing strong password protection and limiting access to specific IP addresses are critical steps.
Administrators running exposed ComfyUI instances are urged to check their systems for unauthorized processes, unfamiliar custom nodes installed via ComfyUI-Manager, and unexpected spikes in GPU or central processing unit (CPU) usage. Isolating affected systems from the network and performing a clean reinstallation may be necessary to remove the threat.
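An added host-audit script (example code, not from the article or the ComfyUI project) that performs the three checks recommended above on constructed sample data. It assumes ComfyUI's standard `custom_nodes/` directory layout, the one-integer-per-GPU output of `nvidia-smi --query-gpu=utilization.gpu --format=csv,noheader,nounits`, and ComfyUI's `--listen` flag, which binds to all interfaces when given without an address; the allowlist of known nodes is a constructed placeholder.

```python
"""Audit an exposed ComfyUI host (added example, not from the article).
Checks for custom nodes the administrator did not install, GPUs pinned at
high utilisation, and a server started listening on all interfaces.
All sample inputs below are constructed."""
import os
import tempfile

# Constructed allowlist: nodes the administrator knowingly installed.
KNOWN_NODES = {"ComfyUI-Manager", "ComfyUI_IPAdapter_plus"}

def find_unknown_nodes(custom_nodes_dir, allowlist=KNOWN_NODES):
    """Return custom_nodes/ subdirectories that are not on the allowlist."""
    names = {n for n in os.listdir(custom_nodes_dir)
             if os.path.isdir(os.path.join(custom_nodes_dir, n)) and n != "__pycache__"}
    return sorted(names - set(allowlist))

def gpu_busy(nvidia_smi_csv, threshold=90):
    """Parse nvidia-smi utilisation output (one integer per line, one line per GPU)
    and return the indices of GPUs at or above the threshold."""
    utils = [int(line.strip()) for line in nvidia_smi_csv.splitlines() if line.strip()]
    return [i for i, u in enumerate(utils) if u >= threshold]

def listens_publicly(argv):
    """True if --listen is present with no address, with another flag, or with a wildcard."""
    if "--listen" not in argv:
        return False
    i = argv.index("--listen")
    if i + 1 >= len(argv):
        return True                      # bare --listen defaults to 0.0.0.0
    nxt = argv[i + 1]
    return nxt.startswith("-") or nxt in ("0.0.0.0", "::")

def audit(custom_nodes_dir, nvidia_smi_csv, argv):
    """Combine the three checks into a list of human-readable findings."""
    findings = [f"unrecognised custom node: {n}" for n in find_unknown_nodes(custom_nodes_dir)]
    findings += [f"GPU {g} at >=90% utilisation while no workflow is running"
                 for g in gpu_busy(nvidia_smi_csv)]
    if listens_publicly(argv):
        findings.append("server started with --listen on all interfaces")
    return findings

if __name__ == "__main__":
    # Constructed sample host: one planted node, one hot GPU, a public listener.
    with tempfile.TemporaryDirectory() as d:
        for n in ("ComfyUI-Manager", "ComfyUI_IPAdapter_plus", "custom_node_x9"):
            os.mkdir(os.path.join(d, n))
        for f in audit(d, "97\n3\n", ["main.py", "--listen", "--port", "8188"]):
            print("FINDING:", f)
```

Run it on a live host by pointing `find_unknown_nodes` at the real `custom_nodes/` directory, feeding it the actual nvidia-smi output, and passing the ComfyUI process's command line; any finding warrants the isolation and reinstall steps described above.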
Looking ahead, security analysts expect similar campaigns to continue as attackers seek to monetize poorly secured computational resources, especially those with powerful GPUs valuable for both AI work and cryptomining. The developers of tools like ComfyUI are likely to enhance security warnings and may implement additional safeguards within plugin managers to prevent automated exploitation. Users are advised to treat any internet-exposed service as a high-risk asset requiring proactive security configuration.
Source: Multiple security research reports