Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?
Selenium Grid Under Siege: Hackers Exploit for Crypto Mining and Proxyjacking Mayhem
Internet-exposed Selenium Grid instances are being abused for crypto mining and proxyjacking. The default lack of authentication makes them vulnerable, leading to malicious scripts and cryptocurrency miners being deployed. Ensure authentication is configured to prevent exploitation.
Hot Take:
Who knew your browser testing tool could moonlight as a crypto miner and proxy network? Looks like Selenium Grid needs an acting coach… for authentication!
Key Points:
- Publicly-exposed Selenium Grid instances lack default authentication, making them a target for cybercriminals.
- Threat actors are using Selenium Grid to deploy crypto miners and proxyjacking campaigns.
- Two distinct attack campaigns have been identified: one uses a Base64-encoded Python script, and the other employs a Golang-based ELF binary.
- Tools like IPRoyal Pawn and EarnFM are used to exploit internet connections for financial gain.
- Organizations are urged to enable authentication on Selenium Grid to prevent such abuses.
Already a member? Log in here