Ongoing Cyberattack Targets Exposed Selenium Grid Services for Crypto Mining
Jul 26, 2024
Cybersecurity researchers are sounding the alarm over an ongoing campaign that's leveraging internet-exposed Selenium Grid services for illicit cryptocurrency mining. Cloud security firm Wiz is tracking the activity under the name SeleniumGreed . The campaign, which is targeting older versions of Selenium (3.141.59 and prior), is believed to be underway since at least April 2023 . "Unbeknownst to most users, Selenium WebDriver API enables full interaction with the machine itself, including reading and downloading files, and running remote commands," Wiz researchers Avigayil Mechtinger, Gili Tikochinski, and Dor Laska said . "By default, authentication is not enabled for this service. This means that many publicly accessible instances are misconfigured and can be accessed by anyone and abused for malicious purposes." Selenium Grid, part of the Selenium automated testing framework, enables parallel execution of tests across multiple workloads, different bro