- Researchers discovered instances of OpenWebUI 98 that lacked authentication
- 45 had already been committed and 33 showed signs of commitment
- The infected servers were silently running cryptominers and stealing malicious information.
A malicious campaign targeting the popular OpenWebUI AI interface has been hijacking AI servers to mine cryptocurrency and steal credentials.
This is according to Cybernews researchers who discovered 98 OpenWebUI instances that lacked authentication protection.
Additionally, over 2,000 servers were left open for user registration, allowing anyone to create an account and gain access.
Article continues below.
Unprotected AI servers distributing malware
OpenWebUI is a popular open source interface used by many companies and individuals to interact with large language models (LLMs) and locally hosted models through a web dashboard.
Of the 98 servers that were found without authentication, 45 had already been compromised. Another 33 were experiencing configuration conflicts and system errors, while only 11 were functioning normally without any indicators of compromise.
The infected servers were found to distribute and execute malware used to mine cryptocurrency and steal sensitive credentials. The malware managed to hide from detection by repeatedly reversing byte sequences, decoding Base64 data, and decompressing using Zlib until it was able to deliver the payload.
Additionally, the malware included Discord webhooks that pinged the malware developer each time it compromised a new server.
According to Cybernews researchers, many of the Python scripts found on compromised servers appeared to show evidence of having been generated by AI, with inconsistent coding styles and varying levels of complexity.
To protect OpenWebUI instances from compromise, the researchers recommend taking the following steps:
- Ensure that authentication features are enabled and that new registrations require administrator approval.
- Ensure proper isolation of the instance using IP whitelisting and configure a proxy that requires additional authentication for the OpenWebUI API until OpenWebUI resolves the issue.
- Configure monitoring channels to detect unauthorized “Tools” loads and unauthorized models running on your instance.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp also.
