ADVERTISEMENT

Hackers turn GitHub’s favourite OpenWebUI AI servers into crypto mining zombie army

Popular open-source AI servers were secretly hijacked for more than a year and turned into a silent army of crypto mining machines.

oi hijack
Paulina Okunytė
Paulina Okunytė Senior Journalist
Mar 18, 2026 Updated: 20 March 2026 5 min read

The malware campaign is still ongoing

openwebui malware

OpenWebUI instances unprotected

openwebui malware 2
openwebui malware 3
ADVERTISEMENT
Jurgita Lapienyte justinasv Izabele Pukenaite vilius Ernestas Naprys Gintaras Radauskas
Don't miss our latest stories on Google News. Add us as your Preferred Source on Google
Add us as your Preferred Source on Google.

Cybernews researchers discovered hidden malware

AI servers were hijacked and converted into crypto mining tools

openwebui malware 6
openwebui malware 7

How can you protect your OpenWebUI ecosystem?

  • Ensure that authentication features are enabled and that new signups require administrator approvals.
  • Ensure proper instance isolation by utilizing IP whitelisting and set up a proxy that requires additional authentication for the OpenWebUI API until the issue is addressed by OpenWebUI.
  • Set up monitoring pipelines to detect unauthorized “Tools” uploads and unauthorized models running on your instance.

Investigation timeline


ADVERTISEMENT