Briefing

The ShadowRay 2.0 campaign is actively exploiting a two-year-old, unpatched critical authentication flaw (CVE-2023-48022) in the Ray open-source AI framework’s API server. The flaw, which carries a maximum severity CVSS score of 9.8, grants remote, unauthenticated attackers complete control over exposed compute clusters, immediately compromising the integrity of the underlying infrastructure. The primary consequence is the creation of a self-propagating botnet that uses hijacked NVIDIA GPUs to run the XMRig cryptocurrency miner, turning enterprise AI infrastructure into a resource-draining, illicit revenue stream.

Context

The prevailing security posture for many Ray deployments involved a significant oversight: the API server lacked mandatory authentication, a known design flaw that has persisted for over two years. This exposure created a vast, unmonitored attack surface where the platform’s orchestration capabilities could be easily abused. The incident leveraged this known class of vulnerability, missing access control, to turn a legitimate AI tool into a mechanism for lateral malware deployment.

Analysis

The attack begins by exploiting the critical missing authentication bug (CVE-2023-48022) in the Ray API server, which allows for remote, unauthenticated arbitrary code execution on the cluster’s head node. This initial compromise enables the threat actor to deploy the XMRig cryptomining payload. Crucially, the attackers then leverage Ray’s native orchestration features to pivot laterally and distribute the malware to non-internet-facing nodes, establishing a self-replicating worm. The operation is designed to eliminate competing miners and establish persistence via a cron job, illustrating a sophisticated, multi-purpose botnet that is now also weaponized for denial-of-service attacks.

Parameters

  • Vulnerability Severity → 9.8 CVSS score – The maximum severity rating for the exploited authentication bypass flaw.
  • Vulnerability Age → Two years – The duration the critical flaw (CVE-2023-48022) has remained unpatched in the framework.
  • Malware Payload → XMRig – The specific cryptocurrency miner deployed on compromised GPU clusters.

Outlook

Immediate mitigation requires administrators to patch the Ray framework to the latest version or implement strict network-level access controls to block external access to the Ray API. The second-order effect is a heightened scrutiny on all open-source AI/ML frameworks, establishing a new security best practice that dictates immediate, mandatory authentication for all internal cluster communication and API endpoints. This event underscores that compute-intensive, unauthenticated infrastructure will remain a primary target for cryptojacking operations.
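To verify the network-level control described above on a Ray head node, the following added example (not from the original article or the Ray project) parses `ss -ltn` output and flags a Ray API listener bound beyond loopback. It assumes Ray's default dashboard and Jobs API port, 8265, which the article does not state; the sample output is constructed.

```python
import ipaddress
import subprocess

RAY_DASHBOARD_PORT = 8265  # assumption: Ray's default dashboard/Jobs API port; change if overridden

# Constructed sample of `ss -ltn` output, used when `ss` is unavailable.
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:8265       0.0.0.0:*
LISTEN 0      128    127.0.0.1:8265     0.0.0.0:*
LISTEN 0      128    [::1]:8265         [::]:*
LISTEN 0      128    10.0.0.5%eth0:8265 0.0.0.0:*
LISTEN 0      128    [::]:22            [::]:*
"""

def classify_bind(host):
    """Return 'loopback', 'all-interfaces', 'routable' or 'unknown' for a bind address."""
    host = host.split("%", 1)[0].strip("[]")   # drop %iface scope, then IPv6 brackets
    if host == "*":
        return "all-interfaces"
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return "unknown"                       # unparsable: report it rather than hide it
    if addr.is_unspecified:                    # 0.0.0.0 or ::
        return "all-interfaces"
    return "loopback" if addr.is_loopback else "routable"

def exposed_listeners(ss_output, ports=(RAY_DASHBOARD_PORT,)):
    """List (address, port, kind) for watched ports listening beyond loopback."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue                           # skips the header and non-listening rows
        host, _, port = fields[3].rpartition(":")
        if not port.isdigit() or int(port) not in ports:
            continue
        kind = classify_bind(host)
        if kind != "loopback":
            findings.append((host, int(port), kind))
    return findings

if __name__ == "__main__":
    try:
        out = subprocess.run(["ss", "-ltn"], capture_output=True, text=True, check=True).stdout
    except (OSError, subprocess.CalledProcessError):
        out = SAMPLE_SS                        # fall back to the constructed sample
    for host, port, kind in exposed_listeners(out):
        print(f"WARNING: port {port} listening on {host} ({kind}); bind to loopback or firewall it")
```

A finding means only that the socket is bound beyond loopback; whether it is reachable from outside still depends on the firewall and security-group rules in front of the node.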

This exploitation of a two-year-old, unpatched critical authentication flaw in a major AI framework proves that systemic security debt in core infrastructure is a persistent and highly profitable vector for large-scale cryptojacking operations.

Signal Acquired from → thehackernews.com
