What is ComfyUI and why is it targeted?

ComfyUI's a node-based UI for Stable Diffusion AI image gen. Attackers love its exposed cloud instances—easy RCE via custom nodes, perfect for mining bots.

How can I secure my ComfyUI setup?

Authenticate it fully, firewall public access, audit custom nodes, disable ComfyUI-Manager auto-installs. Run behind VPN.

Is this botnet just about mining or more?

Mining Monero/Conflux upfront, but Hysteria V2 turns hosts into rentable proxies. C2 hints at payload flexibility.

🦠 Ransomware & Malware

Hackers Hijack 1,000 ComfyUI Servers for a Stealthy Crypto Mining Empire

What if your AI image generator was secretly mining crypto for hackers? A new botnet's turning exposed ComfyUI servers into a profit machine, exploiting custom nodes with ruthless efficiency.

Threat Digest Apr 07, 2026 4 min read

Infographic showing Python scanner exploiting ComfyUI custom nodes for botnet takeover

⚡ Key Takeaways

Over 1,000 exposed ComfyUI instances exploited via custom node RCE for cryptomining and proxy botnets. 𝕏
Attackers use Python scanners, auto-install malicious nodes, and advanced persistence like immutable binaries. 𝕏
This signals AI tools becoming prime botnet targets, echoing Mirai-era IoT vulnerabilities. 𝕏

Published by

Threat Digest

Threat intelligence. Zero noise.

#Censys report #ComfyUI botnet #ComfyUI exploit #Stable Diffusion exploit #XMRig Monero #XMRig malware #cryptomining botnet #cryptomining campaign #custom node exploit #remote code execution

Worth sharing?

Get the best Cybersecurity stories of the week in your inbox — no noise, no spam.

Originally reported by The Hacker News

⚡ Key Takeaways

The 60-Second TL;DR

Threat Digest

Share this article

Worth sharing?

Related Stories

Flowise's RCE Nightmare: 15,000 Exposed Servers in Hackers' Sights

Qilin and Warlock's BYOVD Assault: Silencing 300+ EDRs in the Kernel

Storm-1175's 16-Vulnerability Blitz Powers Medusa Ransomware Onslaught

Germany Names REvil and GandCrab Boss: Meet Daniil Shchukin

Stay in the loop