Threat actors exploit a Selenium Grid misconfiguration to deploy a modified XMRig tool for mining Monero. Selenium Grid, an open-source framework for web app testing, automates testing across machines and browsers, widely used in cloud environments with over 100 million pulls on Docker Hub.
Tests are distributed from a central hub to nodes via API for execution, featuring various OS, browser, and environment setups. Dubbed "SeleniumGreed" by Wiz cloud security researchers, the ongoing malicious activity exploits the service's default configuration lacking authentication, active for over a year. Read more...
