Oligo Security reports on ShadowRay 2.0, a sophisticated cryptojacking campaign exploiting an unpatched vulnerability in the Ray AI framework to turn clusters into self-replicating botnets. Attackers use exposed Ray dashboards to spread malware, perform DDoS attacks, and hijack computing power for illicit mining. #CVE-2023-48022 #RayAI #cryptojacking #DDoS
Key points
- The campaign exploits a two-year-old critical vulnerability in the Ray AI framework to hijack GPU clusters.
- Malicious actors use GitLab and GitHub to distribute payloads that spread autonomously across exposed Ray servers.
- The malware is designed to avoid detection by disguising processes and limiting CPU usage.
- The campaign can also launch DDoS attacks, turning the botnet into a multi-purpose tool for monetization and sabotage.
- More than 230,500 Ray servers are publicly accessible, which widens the attack surface and raises the risk of exploitation.
Read More: https://thehackernews.com/2025/11/shadowray-20-exploits-unpatched-ray.html