A threat actor exploited a misconfigured instance of Open WebUI, a popular self-hosted AI interface, to carry out a series of attacks, underscoring the risk posed by exposed AI tools. The misconfiguration gave the attackers administrative access, which they used to inject malicious AI-generated Python scripts that deployed cryptominers and infostealer malware on both Linux and Windows systems.
The Linux attack used sophisticated techniques to hide the cryptominers: tools like “processhider” for defense evasion and a deceptive service for persistence. The Windows attack instead used a malicious Java JAR file that triggered further malware installations targeting sensitive data such as Chrome extensions and Discord tokens.
Detection efforts by Sysdig Secure highlighted the low visibility of the threats, revealing the complexities and risks posed by misconfigured AI systems. This incident serves as a critical warning about the need for robust security measures to protect vulnerable AI tools from similar exploits.