- Researchers discovered OpenWebUI 98 instances that lacked any authentication
- 45 had already been compromised and 33 showed signs of compromise
- The infected servers silently ran cryptominers and info-stealing malware
A malicious campaign targeting the popular OpenWebUI AI interface has hijacked AI servers to mine cryptocurrency and steal credentials.
This is according to Cybernews researchers who discovered 98 OpenWebUI instances that lacked any authentication protection.
In addition, over 2,000 servers were left open for user registrations, allowing anyone to create an account and gain access.
The article continues below
Unprotected AI servers distributing malware
OpenWebUI is a popular open source interface used by many companies and individuals to interact with large language models (LLMs) and locally hosted models via a web dashboard.
Of the 98 servers found to be unauthenticated, 45 had already been compromised. Another 33 experienced configuration conflicts and system failures, while only 11 operated normally without any indicators of compromise.
The infected servers were found to distribute and run malware used to mine cryptocurrency and steal sensitive credentials. The malware managed to hide itself from detection by repeatedly reversing byte sequences, decoding Base64 data and decompressing using Zlib until it was able to deliver the payload.
In addition, the malware included Discord webhooks that would ping the malware developer every time it compromised a new server.
According to the Cybernews researchers, many of the Python scripts found on compromised servers appeared to show signs of being AI-generated, with inconsistent coding styles and varying levels of complexity.
To protect OpenWebUI instances from compromise, the researchers recommend taking the following steps:
- Ensure that authentication features are enabled and that new sign-ups require administrator approvals.
- Ensure proper instance isolation by using IP whitelisting and set up a proxy that requires additional authentication to the OpenWebUI API until the issue is resolved by OpenWebUI.
- Configure monitoring pipelines to detect unauthorized “Tools” uploads and unauthorized models running on your instance.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, video unboxings, and get regular updates from us on WhatsApp also.
