Multiple OpenWebUI AI servers infected with cryptominers and infostealers stayed up for over a year

News
By published

The servers were hosting cryptominers and infostealers

Evil Robot Concept and rogue AI risk as robots gone bad and Malicious code and computer malfunction or corrupt machine learning and dangerous artificial intelligence in a 3D illustration elements
(Image credit: Shutterstock)
  • Researchers discovered OpenWebUI 98 instances that lacked any authentication
  • 45 had already been compromised, and 33 showed signs of compromise
  • The infected servers were silently running cryptominers and infostealing malware

A malicious campaign targeting the popular OpenWebUI AI interface has been hijacking AI servers to mine cryptocurrency and steal credentials.

This is according to Cybernews researchers who discovered 98 OpenWebUI instances that lacked any authentication protections.

Additionally, over 2,000 servers were left open to user registrations, allowing anyone to create an account and gain access.

Article continues below

Unprotected AI servers distributing malware

OpenWebUI is a popular open-source interface used by many businesses and individuals to interact with large language models (LLMs) and locally hosted models via a web dashboard.

Of the 98 servers that were found to be without authentication, 45 had already been compromised. A further 33 were experiencing configuration conflicts and system errors, while just 11 were functioning normally without any indicators of compromise.

The infected servers were found to be distributing and running malware used for mining cryptocurrency and stealing sensitive credentials. The malware managed to hide itself from detection by repeatedly reversing byte sequences, decoding Base64 data, and decompressing using Zlib until it was able to deliver the payload.

Additionally, the malware included Discord webhooks that would ping the malware developer every time it compromised a new server.

According to the Cybernews researchers, many of the Python scripts found in compromised servers appeared to show evidence of being AI generated, with inconsistent coding styles and varying complexity levels.

In order to protect OpenWebUI instances from compromise, the researchers recommend taking the following steps:

  • Ensure that authentication features are enabled and that new signups require administrator approvals.
  • Ensure proper instance isolation by utilizing IP whitelisting and set up a proxy that requires additional authentication for the OpenWebUI API until the issue is addressed by OpenWebUI.
  • Set up monitoring pipelines to detect unauthorized “Tools” uploads and unauthorized models running on your instance.
Best antivirus software header
The best antivirus for all budgets

➡️ Read our full guide to the best antivirus
1. Best overall:
Bitdefender Total Security
2. Best for families:
Norton 360 with LifeLock
3. Best for mobile:
McAfee Mobile Security

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.

TOPICS
Benedict Collins
Benedict Collins
Senior Writer, Security

Benedict has been with TechRadar Pro for over two years, and has specialized in writing about cybersecurity, threat intelligence, and B2B security solutions. His coverage explores the critical areas of national security, including state-sponsored threat actors, APT groups, critical infrastructure, and social engineering.

Benedict holds an MA (Distinction) in Security, Intelligence, and Diplomacy from the Centre for Security and Intelligence Studies at the University of Buckingham, providing him with a strong academic foundation for his reporting on geopolitics, threat intelligence, and cyber-warfare.

Prior to his postgraduate studies, Benedict earned a BA in Politics with Journalism, providing him with the skills to translate complex political and security issues into comprehensible copy.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.