Network Security, Threat Intelligence

Selenium Grid misconfiguration leveraged for cryptomining

Share

Internet-accessible instances of the Selenium Grid web app testing framework have been exploited to facilitate the distribution of an updated XMRig cryptomining tool for Monero mining as part of the SeleniumGreed campaign that has been ongoing since April 2023, reports The Hacker News.

Attacks conducted by a still-unknown threat actor involved the delivery of a Python program-executing request to misconfigured Selenium Grid instances to eventually deliver the modified XMRig miner, which had its TLS fingerprint capability integrated within its runtime-generated pool IP, an analysis for Wiz revealed. With over 30,000 Selenium Grid implementations susceptible to potential attacks, immediate disconnection of instances from the internet was recommended. "Selenium Grid is not designed to be exposed to the internet and its default configuration has no authentication enabled, so any user that has network access to the hub can interact with the nodes via API. This poses a significant security risk if the service is deployed on a machine with a public IP that has inadequate firewall policy," said Wiz researchers.

An In-Depth Guide to Network Security

Get essential knowledge and practical strategies to fortify your network security.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.