
ComfyUI Instances Enlisted in Widespread Cryptomining Botnet Campaign

How does a tool built to run creative models become a workhorse for clandestine cryptocurrency miners and network proxies? For users and operators of ComfyUI, the answer is unfolding in real time as a campaign hunts exposed instances and converts them into nodes of a botnet.

What happened — the facts

Security observers have documented an active campaign that targets internet‑exposed instances running ComfyUI, a popular stable-diffusion platform, with the intent of enlisting those systems into a cryptocurrency-mining and proxy botnet. The reporting notes that “a purpose-built Python scanner continuously sweeps major cloud IP ranges for vulnerable targets, automatically installing malicious nodes via ComfyUI-Manager if no exploitable node is already [present],” according to The Hacker News.

The scale is significant: more than 1,000 exposed ComfyUI instances have been identified as targets in this campaign.

How the operation works (as reported)

  • The campaign employs an automated Python-based scanner that probes large cloud IP ranges for ComfyUI instances exposed to the internet.
  • When a vulnerable or unprotected instance is found, the actors use ComfyUI-Manager to install malicious nodes, turning those systems into components of a cryptomining and proxy botnet.
  • The dual role of the compromised hosts — mining cryptocurrency and acting as proxy infrastructure — suggests the operators seek both direct financial gain and network resources to mask or route other traffic.
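As an added example (not from the article, and not code from the ComfyUI project), a small defender-side audit for the two conditions the campaign relies on: an instance listening on a non-loopback address, and custom nodes that nobody installed deliberately. It parses ComfyUI's real `--listen` and `--port` launch flags; the allowlist, sample command lines and node entries are constructed for illustration.

```python
"""Audit a ComfyUI deployment for internet exposure and unexpected custom nodes."""
from pathlib import Path
import shlex

# Constructed allowlist: the custom node directories this operator installed on purpose.
EXPECTED_NODES = {"ComfyUI-Manager", "ComfyUI_IPAdapter_plus"}


def exposure_from_cmdline(cmdline: str) -> dict:
    """Parse ComfyUI's --listen/--port flags from its launch command line.

    Without --listen, ComfyUI binds 127.0.0.1; a bare --listen means 0.0.0.0,
    i.e. every interface, which is what the scanner described above looks for.
    """
    args = shlex.split(cmdline)
    listen, port = "127.0.0.1", 8188  # ComfyUI defaults
    for i, arg in enumerate(args):
        if arg == "--listen":
            nxt = args[i + 1] if i + 1 < len(args) else ""
            listen = nxt if nxt and not nxt.startswith("--") else "0.0.0.0"
        elif arg.startswith("--listen="):
            listen = arg.split("=", 1)[1]
        elif arg == "--port" and i + 1 < len(args):
            port = int(args[i + 1])
    loopback = listen.startswith("127.") or listen in ("localhost", "::1")
    return {"listen": listen, "port": port, "exposed": not loopback}


def unexpected_nodes(entries, expected=EXPECTED_NODES) -> list:
    """Return node directory names not on the allowlist, newest first.

    entries: iterable of (name, mtime) pairs. Sorting by modification time
    puts a node dropped in by an automated installer at the top of the list.
    """
    extra = [(name, mtime) for name, mtime in entries if name not in expected]
    extra.sort(key=lambda e: e[1], reverse=True)
    return [name for name, _ in extra]


def scan_custom_nodes(custom_nodes_dir: Path, expected=EXPECTED_NODES) -> list:
    """Filesystem wrapper: audit ComfyUI's custom_nodes/ directory on a live host."""
    entries = [
        (p.name, p.stat().st_mtime)
        for p in custom_nodes_dir.iterdir()
        if p.is_dir() and not p.name.startswith(".")
    ]
    return unexpected_nodes(entries, expected)
```

Run `scan_custom_nodes(Path("/path/to/ComfyUI/custom_nodes"))` against a deployment and review anything it returns before the next restart loads it.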

Why this matters

At the most basic level, the campaign turns computing resources intended for image-generation workflows into profit engines and network infrastructure for attackers. For cloud customers and administrators, the incident underscores the risks of exposing specialized services directly to the internet. For cloud and platform operators, large-scale scanning across provider ranges highlights an ongoing battleground over how easily automated tooling can find and abuse misconfigured or unprotected instances.

From the adversary perspective, the choice to target ComfyUI instances is practical: the software is widely used, and exposed deployments can offer attractive compute and networking resources. From the user perspective, the consequences include unauthorized use of compute cycles, potential performance degradation of legitimate workloads, and the risk that compromised hosts could be used for additional illicit activity.

Perspectives and unanswered questions

  • Technologists will weigh how exposure of niche or specialized services increases attack surface, and whether default configurations or management tooling like ComfyUI-Manager affect the risk.
  • Cloud providers and platform maintainers will need to consider how scanning across their IP ranges is detected and mitigated, and how to support customers in locking down externally accessible services.
  • End users — researchers, hobbyists, and organizations running ComfyUI — face practical choices about how to balance accessibility and security for model-serving infrastructure.

The reporting documents the mechanics of the operation but leaves broader operational questions open: how many compromised instances are actively mining at any given time, what cryptocurrency is being mined, and whether the proxy capability has been used in other campaigns.

As automated scanners and management tools evolve, so too do the incentives for attackers to repurpose legitimate infrastructure. Will defenders keep pace with the speed of exploitation, or will more benign platforms increasingly serve hidden economies for malicious actors?

Source: https://thehackernews.com/2026/04/over-1000-exposed-comfyui-instances.html