What is the role of ComfyUI-Manager in this cryptomining botnet campaign?

In this cryptomining botnet campaign, ComfyUI-Manager is the exploitation vector the attackers use to install malicious nodes on compromised systems. ComfyUI-Manager is the component of the ComfyUI platform that manages nodes and extensions, and attackers exploit vulnerabilities in it to automate the deployment of harmful software. When the attackers' scanner identifies an exposed ComfyUI instance, it uses these vulnerabilities to inject malicious code through ComfyUI-Manager, bypassing security measures and establishing persistent access. The botnet can then install nodes that perform cryptocurrency mining and proxy functions, turning the instance into part of a distributed network for illicit activities.

Management tools like this can become gateways for large-scale attacks, so they need to be secured. Users should update ComfyUI-Manager to the latest version, restrict access to it, and audit installed nodes regularly to mitigate the risk.
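One way to carry out the node audit recommended above, as an added example (not code from the article or from the ComfyUI project): it walks a ComfyUI `custom_nodes` directory and flags any node that is missing from an approved list or whose git origin no longer matches it. The approved list, node names and `git.example` URLs are constructed, and it assumes nodes are installed as git clones or single `.py` files.

```python
import tempfile
from pathlib import Path

def origin_url(node_dir):
    """Return the 'origin' remote URL from a node's .git/config, or None."""
    cfg = node_dir / ".git" / "config"
    if not cfg.is_file():
        return None
    section = None
    for raw in cfg.read_text(encoding="utf-8", errors="replace").splitlines():
        line = raw.strip()
        if line.startswith("["):
            section = line
        elif section == '[remote "origin"]' and line.partition("=")[0].strip() == "url":
            return line.partition("=")[2].strip()
    return None

def normalise(url):
    """Compare URLs without case, trailing slash or '.git' suffix."""
    return url.lower().rstrip("/").removesuffix(".git") if url else None

def audit_nodes(custom_nodes, approved):
    """Map each unapproved or re-pointed node name to a finding string."""
    findings = {}
    for entry in sorted(Path(custom_nodes).iterdir()):
        if entry.name.startswith((".", "__")) or not (entry.is_dir() or entry.suffix == ".py"):
            continue  # skip caches, hidden entries and files that are not loadable nodes
        if entry.name not in approved:
            findings[entry.name] = "not on approved list"
        elif normalise(origin_url(entry)) != normalise(approved[entry.name]):
            findings[entry.name] = f"origin is {origin_url(entry)}"
    return findings

def demo():
    """Run the audit over a constructed custom_nodes tree (sample data only)."""
    approved = {"ComfyUI-Manager": "https://git.example/approved/ComfyUI-Manager"}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for name, url in [("ComfyUI-Manager", "https://git.example/approved/ComfyUI-Manager.git"),
                          ("unknown_pack", "https://git.example/unreviewed/unknown_pack")]:
            (root / name / ".git").mkdir(parents=True)
            (root / name / ".git" / "config").write_text(f'[remote "origin"]\n\turl = {url}\n')
        (root / "loose_node.py").write_text("# constructed single-file node\n")
        (root / "__pycache__").mkdir()
        return audit_nodes(root, approved)

if __name__ == "__main__":
    for name, finding in demo().items():
        print(f"{name}: {finding}")
```

Run on a schedule against the real `custom_nodes` path, any finding is a prompt to review how that node got there before the instance is trusted again.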

📖 Read the full article: Over 1,000 Exposed ComfyUI Instances Targeted in Cryptomining Botnet Campaign