- Researchers discovered OpenWebUI 98 instances lacking any authentication
- 45 had already been compromised and 33 showed signs of compromise
- Infected servers were silently running cryptominers and information-stealing malware.
A malicious campaign targeting the popular OpenWebUI AI interface has hijacked AI servers to mine cryptocurrency and steal credentials.
This is according to Cybernews researchers who discovered 98 OpenWebUI instances lacking authentication protection.
Additionally, over 2,000 servers were left open for user registration, allowing anyone to create an account and gain access.
Article continues below
Unprotected AI servers distributing malware
OpenWebUI is a popular open source interface used by many businesses and individuals to interact with large language models (LLMs) and locally hosted models through a web dashboard.
Of the 98 servers detected without authentication, 45 had already been compromised. Another 33 faced configuration conflicts and system errors, while only 11 were operating normally with no indicators of compromise.
The infected servers were found to distribute and run malware used to mine cryptocurrencies and steal sensitive credentials. The malware managed to hide from detection by repeatedly reversing byte sequences, decoding the Base64 data, and decompressing it using Zlib until it was able to deliver the payload.
Additionally, the malware included Discord webhooks that pinged the malware developer every time it compromised a new server.
According to Cybernews researchers, many of the Python scripts found on the compromised servers appeared to have been generated by AI, with inconsistent coding styles and varying levels of complexity.
To protect OpenWebUI instances from compromise, researchers recommend taking the following steps:
- Make sure authentication features are enabled and that new registrations require administrator approval.
- Ensure proper instance isolation using IP whitelisting and configure a proxy that requires additional authentication for the OpenWebUI API until the issue is resolved by OpenWebUI.
- Configure monitoring pipelines to detect unauthorized “tool” downloads and unauthorized models running on your instance.
The best antivirus for every budget
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds. Make sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp Also.
