
ShadowRay 2.0 Takes Advantage of an Unresolved Ray Vulnerability to Create a Self-Replicating GPU Cryptomining Botnet.

Oligo Security has issued a warning regarding ongoing attacks that exploit a two-year-old security flaw in the Ray open-source artificial intelligence (AI) framework. The vulnerability allows compromised clusters equipped with NVIDIA GPUs to be turned into a self-replicating cryptocurrency mining botnet, known as ShadowRay 2.0. The attack primarily takes advantage of a critical missing-authentication bug (CVE-2023-48022, CVSS score: 9.8), enabling attackers to seize control of vulnerable instances and hijack their computing power for illicit cryptocurrency mining using XMRig. The flaw remains unpatched due to a “long-standing design decision” aligned with Ray’s development best practices, which call for operation within an isolated network and reliance on trusted code.

The campaign involves submitting malicious jobs to an unauthenticated Ray Job Submission API (“/api/jobs/”) on exposed dashboards, with commands ranging from simple reconnaissance to complex multi-stage Bash and Python payloads. Compromised Ray clusters are then utilised in spray-and-pray attacks to distribute these payloads to other Ray dashboards, effectively creating a worm that spreads from one victim to another. The attackers have leveraged platforms like GitLab and GitHub to deliver the malware, using repository names such as “ironern440-group” and “thisisforwork440-ops.” Although these accounts are no longer accessible, the cybercriminals have demonstrated resilience by quickly establishing new GitHub accounts to continue their operations. 
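Because the campaign hinges on unauthenticated job submissions to the dashboard API, the most direct detection is to watch for POST requests to “/api/jobs/” that originate outside the cluster's trusted network. The following is an added example, not code from the original post or from the Ray project; it assumes the dashboard sits behind a reverse proxy writing combined-format access logs, uses constructed sample lines, and treats 10.0.0.0/8 as the trusted cluster range.

```python
import ipaddress
import re
from typing import Dict, List

# Constructed sample access-log lines (assumed reverse-proxy format in front
# of the Ray dashboard). 203.0.113.0/24 and 198.51.100.0/24 are documentation
# ranges standing in for untrusted sources.
SAMPLE_LOG = """\
10.0.1.5 - - [12/Nov/2025:10:01:02 +0000] "GET /api/jobs/ HTTP/1.1" 200 512
203.0.113.7 - - [12/Nov/2025:10:02:17 +0000] "POST /api/jobs/ HTTP/1.1" 200 97
10.0.1.9 - - [12/Nov/2025:10:03:44 +0000] "POST /api/jobs/ HTTP/1.1" 200 97
198.51.100.23 - - [12/Nov/2025:10:04:01 +0000] "GET /api/version HTTP/1.1" 200 30
198.51.100.23 - - [12/Nov/2025:10:04:03 +0000] "POST /api/jobs/ HTTP/1.1" 200 97
"""

# Assumption: the isolated network Ray expects to run in is 10.0.0.0/8.
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Matches: source IP, timestamp, method, path, and HTTP status code.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')


def parse_line(line: str) -> Dict[str, str]:
    """Parse one access-log line; return an empty dict on malformed input."""
    m = LOG_RE.match(line)
    if not m:
        return {}
    src, ts, method, path, status = m.groups()
    return {"src": src, "ts": ts, "method": method, "path": path, "status": status}


def is_trusted(ip: str) -> bool:
    """True if the source address falls inside an allowed cluster network."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED_NETS)


def find_untrusted_job_submissions(log_text: str) -> List[Dict[str, str]]:
    """Return job-submission requests (POST /api/jobs/...) from outside the cluster."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if not rec:
            continue
        if (rec["method"] == "POST" and rec["path"].startswith("/api/jobs")
                and not is_trusted(rec["src"])):
            hits.append(rec)
    return hits


if __name__ == "__main__":
    for hit in find_untrusted_job_submissions(SAMPLE_LOG):
        print(f"ALERT untrusted job submission from {hit['src']} at {hit['ts']}")
```

A successful (200) POST from an address outside the trusted range is exactly the activity described above, so such hits warrant checking the submitted job's entrypoint and isolating the cluster from the internet.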
