ComfyUI Under Siege: How Hackers Are Turning AI Servers into Silent Crypto-Mining Machines

Introduction: When AI Infrastructure Becomes a Cybercrime Playground

Artificial intelligence tools are rapidly becoming the backbone of modern innovation, but with that growth comes an expanding attack surface. One of the latest threats highlights how even niche AI platforms can be weaponized at scale. A growing cybercriminal campaign is now targeting exposed ComfyUI servers, transforming powerful GPU-driven systems into covert engines for profit. What makes this attack particularly dangerous is its stealth, persistence, and ability to operate entirely in memory, leaving almost no trace behind.

Summary: A Silent Takeover of AI Compute Power

Hackers have launched a widespread campaign targeting publicly exposed ComfyUI servers, exploiting weaknesses in their custom node ecosystem. These servers, often running on high-performance cloud GPUs, are widely used by developers and researchers for AI workflows. By scanning major cloud providers such as AWS, GCP, and Oracle Cloud, attackers continuously search for vulnerable instances, with over 1,000 already exposed online.

Once a target is identified, attackers deploy a powerful Python-based tool known as the “ComfyUI Eternal Agent,” which allows them to execute arbitrary code remotely. The core vulnerability lies in the platform’s extensibility. ComfyUI allows users to install custom nodes to enhance functionality, but some of these nodes unintentionally accept raw Python input, effectively creating open doors for remote code execution when not properly secured.

After gaining access, the attackers deploy a secondary payload called “Ghost,” a sophisticated fileless malware loader. This malware installs cryptocurrency miners, including XMRig for Monero mining on CPUs and lolMiner for GPU-based Conflux mining. By leveraging both CPU and GPU resources, attackers maximize profits from each compromised system.

To remain undetected, the malware operates entirely in memory using Linux system calls, avoiding disk writes that traditional security tools rely on for detection. If root privileges are obtained, the malware escalates its stealth by injecting a custom shared library into the system, effectively hiding malicious processes from monitoring tools.

The operation goes beyond simple exploitation. The attackers actively compete with rival cybercriminal groups. Their malware includes a “kill list” of over 100 competing mining processes and even targets a rival botnet known as Hisana. Instead of shutting it down, the attackers cleverly hijack its operations, redirecting mining rewards to their own wallets while blocking its command infrastructure.

Infrastructure analysis reveals that this threat actor is highly experienced, with activity spanning multiple platforms including DigitalOcean, AWS, and networks associated with China Mobile. Their tools and tactics continue to evolve, demonstrating a persistent and well-organized cybercriminal enterprise focused on monetizing AI infrastructure.

What Undercode Say: The Bigger Picture Behind AI-Focused Attacks

The rise of attacks targeting ComfyUI is not an isolated incident but part of a broader trend where emerging technologies become prime targets before security standards catch up. AI platforms, especially those designed for flexibility and rapid experimentation, often prioritize usability over hardened security. This creates an ideal environment for attackers who thrive on misconfigurations and exposed services.

One critical issue is the concept of “trusted extensibility.” Platforms like ComfyUI rely on community-driven plugins or nodes, which can introduce significant risk if not properly sandboxed. The ability to execute raw Python code is powerful for developers but equally powerful for attackers. This dual-use nature is increasingly becoming a central challenge in AI security.
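A static audit for the risk described above, added here as an example (not code from ComfyUI or from the campaign report): it walks custom-node source and reports direct calls to `exec`, `eval` and `compile`, marking whether the first argument is a constant or something that could carry node input. The sample node is constructed, and pointing `audit_tree` at a `custom_nodes` directory is an assumption about the install layout.

```python
import ast
from pathlib import Path

DYNAMIC_EXEC = {"exec", "eval", "compile"}  # builtins that run strings as code

def called_builtin(call):
    """Name of the dynamic-execution builtin a Call node invokes, else None."""
    func = call.func
    if isinstance(func, ast.Name) and func.id in DYNAMIC_EXEC:
        return func.id
    # builtins.exec(...) counts; re.compile(...) and similar methods do not
    if (isinstance(func, ast.Attribute) and func.attr in DYNAMIC_EXEC
            and isinstance(func.value, ast.Name) and func.value.id == "builtins"):
        return func.attr
    return None

def find_dynamic_exec(source, filename="<node>"):
    """Sorted (line, builtin, arg_is_literal) for each exec/eval/compile call."""
    hits = []
    for node in ast.walk(ast.parse(source, filename=filename)):
        if isinstance(node, ast.Call):
            name = called_builtin(node)
            if name:
                literal = bool(node.args) and isinstance(node.args[0], ast.Constant)
                hits.append((node.lineno, name, literal))
    return sorted(hits)

def audit_tree(root):
    """Map each .py file under root to its findings; unparseable files are reported."""
    report = {}
    for path in sorted(Path(root).rglob("*.py")):
        try:
            hits = find_dynamic_exec(path.read_text(errors="replace"), str(path))
        except (SyntaxError, ValueError):
            hits = [(0, "unparseable", False)]
        if hits:
            report[str(path)] = hits
    return report

# Constructed sample for illustration, not a real custom node
SAMPLE_NODE = '''
import re
class ScriptNode:
    FUNCTION = "run"
    def run(self, code, pattern):
        matcher = re.compile(pattern)   # regex compile, not code execution
        exec(code, {})                  # node input reaches exec()
        return (eval("1 + 1"),)         # constant argument
'''
```

The check sees direct calls only; aliasing a builtin or reaching it through `getattr` evades it, so a clean result means the obvious pattern is absent, not that a node is safe.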

Another key insight is the attackers’ strategic focus on high-end GPUs. Unlike traditional botnets that rely on massive numbers of low-power devices, this campaign targets fewer but significantly more powerful machines. A single compromised GPU server can generate far more revenue than hundreds of infected personal computers. This shift reflects a more efficient and targeted cybercrime model.

The use of fileless malware marks a significant evolution in evasion techniques. By operating entirely in memory, attackers bypass many conventional detection mechanisms. This forces defenders to adopt more advanced monitoring approaches, such as behavioral analysis and memory forensics, rather than relying solely on file-based detection.
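One form the behavioral checks mentioned above can take on a Linux host, added here as an example rather than tooling from the report. The article does not name the system calls or the injection mechanism, so this assumes the common ones: an image executed from a `memfd_create` file, which appears in `/proc/<pid>/exe` as `/memfd:... (deleted)`, and a library loaded through `/etc/ld.so.preload` that filters directory listings of `/proc`.

```python
import os

def classify_exe(target):
    """Flag /proc/<pid>/exe targets that have no backing file on disk."""
    if target.startswith("/memfd:"):
        return "memfd"      # image executed from an anonymous memory file
    if target.endswith(" (deleted)"):
        return "deleted"    # binary unlinked after launch
    return None

def preload_entries(text):
    """Libraries named in ld.so.preload content; '#' starts a comment."""
    libs = []
    for line in text.splitlines():
        libs += line.split("#", 1)[0].replace(":", " ").split()
    return libs

def listed_pids(proc="/proc"):
    """PIDs visible in a directory listing, the view a hiding library filters."""
    return {int(n) for n in os.listdir(proc) if n.isdigit()}

def is_process(proc, pid):
    """True if proc/<pid> is a thread-group leader, not a bare thread ID."""
    try:
        with open(os.path.join(proc, str(pid), "status")) as fh:
            for line in fh:
                if line.startswith("Tgid:"):
                    return int(line.split()[1]) == pid
    except (OSError, ValueError):
        pass
    return False

def hidden_pids(listed, proc="/proc", max_pid=32768):
    """PIDs that answer a direct probe but are missing from the listing.
    Set max_pid from /proc/sys/kernel/pid_max on the host being checked."""
    return [p for p in range(1, max_pid + 1)
            if p not in listed and is_process(proc, p)]

def memory_only(pids, proc="/proc"):
    """(pid, kind, target) for processes whose image is memfd-backed or deleted."""
    hits = []
    for pid in sorted(pids):
        try:
            target = os.readlink(os.path.join(proc, str(pid), "exe"))
        except OSError:
            continue        # kernel thread, exited process, or no permission
        kind = classify_exe(target)
        if kind:
            hits.append((pid, kind, target))
    return hits
```

On a live host, pass `listed_pids()` to `hidden_pids`, then run `memory_only` over the listed and hidden PIDs together, and treat any entry returned by `preload_entries` on `/etc/ld.so.preload` as something to explain. A PID reported as hidden can also be a process that started between the listing and the probe, so repeat the check before acting on it.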

The competitive aspect of this campaign is also noteworthy. Cybercriminals are no longer just fighting defenders; they are actively fighting each other. The inclusion of mechanisms to kill or hijack rival malware indicates a mature underground ecosystem where control over resources is fiercely contested. This mirrors legitimate industries where competition drives innovation, albeit in a malicious context.

Additionally, the attacker’s infrastructure reuse across multiple campaigns suggests a long-term operation rather than a short-lived exploit. Their presence in previous large-scale attacks, including worm campaigns, highlights their adaptability and experience. This persistence makes them particularly dangerous, as they continuously refine their techniques based on past successes.

From a defensive standpoint, this campaign underscores the importance of securing AI environments with the same rigor applied to traditional production systems. Exposing services without authentication, failing to validate plugin behavior, and neglecting runtime monitoring are no longer minor oversights—they are direct invitations for exploitation.

Ultimately, this attack is a wake-up call for the AI community. As AI tools become more powerful and widely adopted, they also become more attractive to cybercriminals. The responsibility now lies with developers, cloud providers, and users to ensure that innovation does not outpace security.

Fact Checker Results

✅ ComfyUI servers exposed to the internet can enable remote code execution via unsafe custom nodes.
✅ Fileless malware techniques using in-memory execution are increasingly used in modern cyberattacks.
❌ No public evidence confirms the exact number of infected systems beyond observed scanning estimates.

Prediction

🔮 AI infrastructure will become one of the top three targets for cryptomining malware within the next two years.
⚠️ Fileless attacks will dominate future campaigns, making traditional antivirus tools less effective.
🚀 Platforms like ComfyUI will likely introduce stricter security controls and sandboxing for custom nodes very soon.

References:

Reported By: cyberpress.org