1. Forum
  2. tqwNet
  3. TQW GENTECH

  • Multiple OpenWebUI AI servers infected with cryptominers and info

    From TechnologyDaily@1337:1/100 to All on Friday, March 20, 2026 15:15:26
    Multiple OpenWebUI AI servers infected with cryptominers and infostealers stayed up for over a year

    Date:
    Fri, 20 Mar 2026 15:00:00 +0000

    Description:
    Almost 100 OpenWebUI instances had no authentication, leaving them open to abuse by anyone.

    FULL STORY ======================================================================Copy link Facebook X Whatsapp Reddit Pinterest Flipboard Threads Email Share this article 0 Join the conversation Follow us Add us as a preferred source on Google Newsletter Tech Radar Get the TechRadar Newsletter Sign up for
    breaking news, reviews, opinion, top tech deals, and more. Contact me with news and offers from other Future brands Receive email from us on behalf of our trusted partners or sponsors By submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over. You are
    now subscribed Your newsletter sign-up was successful An account already exists for this email address, please log in. Subscribe to our newsletter Researchers discovered OpenWebUI 98 instances that lacked any authentication 45 had already been compromised, and 33 showed signs of compromise The infected servers were silently running cryptominers and infostealing malware
    A malicious campaign targeting the popular OpenWebUI AI interface has been hijacking AI servers to mine cryptocurrency and steal credentials.

    This is according to Cybernews researchers who discovered 98 OpenWebUI instances that lacked any authentication protections. Additionally, over
    2,000 servers were left open to user registrations, allowing anyone to create an account and gain access. Article continues below You may like Over 175,000 publicly exposed Ollama AI servers discovered worldwide - so fix now Hackers are going after top LLM services by cracking misconfigured proxies This WebUI vulnerability allows remote code execution - here's how to stay safe Unprotected AI servers distributing malware OpenWebUI is a popular
    open-source interface used by many businesses and individuals to interact
    with large language models (LLMs) and locally hosted models via a web dashboard.

    Of the 98 servers that were found to be without authentication, 45 had
    already been compromised. A further 33 were experiencing configuration conflicts and system errors, while just 11 were functioning normally without any indicators of compromise.

    The infected servers were found to be distributing and running malware used for mining cryptocurrency and stealing sensitive credentials. The malware managed to hide itself from detection by repeatedly reversing byte sequences, decoding Base64 data, and decompressing using Zlib until it was able to deliver the payload.

    Additionally, the malware included Discord webhooks that would ping the malware developer every time it compromised a new server. Are you a pro? Subscribe to our newsletter Sign up to the TechRadar Pro newsletter to get
    all the top news, opinion, features and guidance your business needs to succeed! Contact me with news and offers from other Future brands Receive email from us on behalf of our trusted partners or sponsors By submitting
    your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over.

    According to the Cybernews researchers, many of the Python scripts found in compromised servers appeared to show evidence of being AI generated, with inconsistent coding styles and varying complexity levels.

    In order to protect OpenWebUI instances from compromise, the researchers recommend taking the following steps : Ensure that authentication features
    are enabled and that new signups require administrator approvals. Ensure proper instance isolation by utilizing IP whitelisting and set up a proxy
    that requires additional authentication for the OpenWebUI API until the issue is addressed by OpenWebUI. Set up monitoring pipelines to detect unauthorized Tools uploads and unauthorized models running on your instance. The best antivirus for all budgets Our top picks, based on real-world testing and comparisons

    Read our full guide to the best antivirus 1. Best overall: Bitdefender Total Security 2. Best for families: Norton 360 with LifeLock 3. Best for mobile: McAfee Mobile Security Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

    And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/multiple-openwebui-ai-servers-infected- with-cryptominers-and-infostealers-stayed-up-for-over-a-year


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)