cryptomining
-
Over 1,000 exposed ComfyUI instances targeted in crypto mining botnet campaign
A Censys technical analysis says more than 1,000 exposed ComfyUI instances are being scanned and infected in a campaign that installs crypto miners, a proxy botnet and persistence tools through unsafe custom nodes.
-
Researchers track fake installer campaign tied to cryptominers and RATs
A fake-installer campaign tracked as REF1695 has spread RATs and cryptominers since November 2023, with researchers estimating at least 27.88 XMR in proceeds. The operation also used ISO lures, Defender evasion and GitHub-hosted payloads.
-
Self‑replicating botnet abuses Ray clusters to mine cryptocurrency, steal data and launch DDoS attacks
Researchers say a campaign called ShadowRay 2.0 has been exploiting internet-facing Ray clusters using CVE-2023-48022 and Ray's orchestration features to spread a self-replicating botnet that mines cryptocurrency, steals proprietary data and launches DDoS attacks. The attackers target large GPU environments and use automated discovery and multi-stage payloads.
-
Malicious Open VSX extension delivers SleepyDuck RAT and uses Ethereum contract for fallback control
Researchers warned that a malicious Open VSX extension, juan-bianco.solidity-vlang, installs a SleepyDuck remote access trojan that uses an Ethereum smart contract and a fallback RPC mechanism to update its command-and-control details.



