Discover how Selenium Grid instances are under attack for cryptocurrency mining and proxyjacking schemes.
Cado Security researchers Tara Gould and Nate Bill discuss in their recent analysis how Selenium Grid, a server used for running test cases across different browsers simultaneously, is being exploited due to its lack of default authentication measures.
Earlier identified by Wiz as part of SeleniumGreed, the misused instances of Selenium Grid are being targeted by threat actors to deploy crypto miners. Cado has detected two separate campaigns on its honeypot server, both taking advantage of the lack of authentication.
