Misconfigured Selenium Grid servers abused for Monero mining (Security News, July 2024)
Threat actors are exploiting a misconfiguration in Selenium Grid, a popular web app testing framework, to deploy a modified XMRig tool for mining Monero cryptocurrency.
Selenium Grid is open-source and enables developers to automate testing across multiple machines and browsers.
According to Wiz research, Selenium Grid does not have an authentication mechanism active by default.
Selenium warns of the risks of internet-exposed instances in its documentation, advising those needing remote access to prevent unauthorized access by setting up a firewall.
To evade detection, the attackers often used compromised Selenium node workloads as intermediate command and control servers for subsequent infections and also as mining pool proxies.
"Any version of the Selenium Grid service that lacks proper authentication and network security policies is vulnerable to remote command execution," Wiz says in the report.
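Because authentication is off by default, operators can check whether their own Grid endpoints answer without credentials. The sketch below is an added example, not code from Wiz or the Selenium project. It assumes Selenium Grid 4's `/status` endpoint and that a protected router answers 401 or 403; the function names and sample response bodies are constructed for illustration.

```python
import json
import urllib.error
import urllib.request

# Constructed sample of the JSON a Grid 4 router returns from GET /status.
OPEN_BODY = '{"value": {"ready": true, "message": "Selenium Grid ready.", "nodes": []}}'


def classify(status_code, body):
    """Classify the answer to an unauthenticated GET /status request."""
    if status_code in (401, 403):
        return "auth-required"      # credentials or a proxy are enforced
    if status_code != 200:
        return "not-grid"
    try:
        value = json.loads(body or "{}").get("value")
    except (ValueError, AttributeError):
        return "not-grid"           # not JSON, or not a JSON object
    if isinstance(value, dict) and "ready" in value:
        return "open-grid"          # Grid status served without credentials
    return "not-grid"


def probe(base_url, timeout=5):
    """Request /status from a Grid endpoint you operate and classify the reply."""
    req = urllib.request.Request(base_url.rstrip("/") + "/status")
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return classify(resp.status, resp.read())
    except urllib.error.HTTPError as err:    # must precede URLError (subclass)
        return classify(err.code, b"")
    except (urllib.error.URLError, OSError):
        return "unreachable"        # filtered by a firewall, or host is down


def audit(inventory, fetch=probe):
    """Return the endpoints from your own inventory that need remediation."""
    return [url for url in inventory if fetch(url) == "open-grid"]


if __name__ == "__main__":
    # Offline demonstration on constructed responses; no network traffic.
    print(classify(200, OPEN_BODY))   # open-grid
    print(classify(401, b""))         # auth-required
```

Run `audit()` from outside the network perimeter as well as inside it: an endpoint that is `open-grid` internally but `unreachable` externally is covered by the firewall that the Selenium documentation recommends.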