Cryptomining Campaign Exploiting Grid Services
released on 2024-07-30 @ 03:45:06 PM
Wiz researchers discovered an ongoing threat campaign, dubbed 'SeleniumGreed', that exploits exposed Selenium Grid services for cryptomining. The campaign targets publicly accessible instances of Selenium Grid, an integral component of the widely used Selenium testing framework. By leveraging features of Selenium WebDriver API, the threat actor executes remote commands, deploys a modified XMRig miner, and employs various techniques to evade detection and maximize mining efforts.