Malicious Campaign Targets OpenWebUI for Cryptocurrency Mining

Researchers from Cybernews identified a malicious campaign targeting OpenWebUI, a widely used open-source web interface for interacting with large language models (LLMs) such as ChatGPT or locally hosted models like Ollama. The attack involved cryptocurrency miners compromising 98 instances of OpenWebUI, with the activity persisting for over a year. No specific dates, CVE IDs, or technical exploitation methods were disclosed in the report. The impacted systems were used to illicitly mine cryptocurrency by hijacking computational resources. The campaign highlights risks associated with unsecured open-source AI infrastructure deployments.