Over 1,000 ComfyUI Instances Hit by Cryptomining Botnet
More than 1,000 exposed ComfyUI instances have been targeted by a cryptomining botnet campaign. Attackers are exploiting these systems to mine cryptocurrency, leading to resource degradation and increased operational costs for affected users.
A recent cybersecurity alert highlights a widespread campaign targeting over 1,000 publicly exposed ComfyUI instances. Threat actors are exploiting these vulnerable systems to deploy cryptomining botnets, turning victims' computational resources into profit for the attackers.
What is ComfyUI?
ComfyUI is a powerful and flexible node-based graphical user interface for Stable Diffusion and other AI art generation models. Due to its resource-intensive nature, many users host ComfyUI on dedicated servers or cloud instances, making them attractive targets for malicious actors seeking computational power.
The Nature of the Attack
The campaign focuses on instances of ComfyUI that are exposed to the public internet, likely due to misconfigurations, open ports, or lack of proper authentication. Once compromised, these instances are infected with malware that silently mines cryptocurrencies, typically Monero, using the victim's CPU and GPU resources.
Impact on Users
Users and organizations operating these ComfyUI instances face several critical issues:
- Performance Degradation: Cryptomining consumes significant CPU/GPU cycles, severely slowing down legitimate ComfyUI operations.
- Increased Costs: For cloud-hosted instances, the surge in resource usage directly translates to higher billing for compute and potentially bandwidth.
- Security Risk: A compromised system can be a gateway for further attacks, potentially leading to data exfiltration or the deployment of other malicious payloads.
- System Instability: Overloaded systems can become unstable, crash, or experience unexpected downtime.
Mitigation and Prevention
To protect against such attacks, ComfyUI users are strongly advised to:
- Ensure ComfyUI instances are not unnecessarily exposed to the public internet.
- Implement strong authentication and access controls.
- Regularly patch and update all underlying operating systems and software.
- Monitor system resource usage for unusual spikes in CPU/GPU activity.
- Conduct security audits of their network configurations.
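One way to check the first recommendation on a Linux host, as an added example that is not from the original article: it parses `ss -H -ltn` output and reports listeners on the ComfyUI port that are bound to anything other than loopback. Port 8188 is assumed to be the port in use (ComfyUI's default), and the sample output is constructed.

```python
import ipaddress
import subprocess

COMFYUI_PORTS = {8188}  # assumption: ComfyUI's default port; add any custom port you use

def classify_bind(host):
    """Return 'loopback', 'all-interfaces' or 'specific' for an ss local address."""
    host = host.strip("[]").split("%", 1)[0]  # drop IPv6 brackets and %iface scope
    if host == "*":
        return "all-interfaces"
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return "specific"  # unparseable address: treat as needing review
    if addr.is_unspecified:  # 0.0.0.0 or ::
        return "all-interfaces"
    return "loopback" if addr.is_loopback else "specific"

def exposed_listeners(ss_output, ports=COMFYUI_PORTS):
    """Parse `ss -H -ltn` text; return (host, port, scope) for non-loopback listeners."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        host, _, port = fields[3].rpartition(":")  # local address is column 4
        if not port.isdigit() or int(port) not in ports:
            continue
        scope = classify_bind(host)
        if scope != "loopback":
            findings.append((host, int(port), scope))
    return findings

# Constructed sample of `ss -H -ltn` output (not captured from a real host).
SAMPLE = """\
LISTEN 0 128     0.0.0.0:8188  0.0.0.0:*
LISTEN 0 128   127.0.0.1:8188  0.0.0.0:*
LISTEN 0 4096       [::]:22       [::]:*
LISTEN 0 128    10.0.0.5:8188  0.0.0.0:*
LISTEN 0 128       [::1]:8188     [::]:*
"""

if __name__ == "__main__":
    try:
        text = subprocess.run(["ss", "-H", "-ltn"], capture_output=True,
                              text=True, check=True).stdout
    except (OSError, subprocess.CalledProcessError):
        text = SAMPLE  # fall back to the constructed sample when ss is unavailable
    for host, port, scope in exposed_listeners(text):
        print(f"WARNING: port {port} bound to {host} ({scope}); bind to loopback or firewall it")
```

A "specific" result may still be a private address behind a firewall or reverse proxy, so treat it as something to review rather than a confirmed exposure.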
Source
https://thehackernews.com/2026/04/over-1000-exposed-comfyui-instances.html