Selenium Greed: ongoing cyber attack targets exposed Selenium Grid services

By Aj Wilson

A new security flaw was identified this week in Selenium Grid, a widely-used tool by software testers for running tests concurrently across various browsers and environments. This breach has sparked major worries among testers regarding the safety and dependability of their testing setups.

So what? The IP address in question is said to belong to a legitimate service that has been compromised by the threat actor, as it has also been found to host a publicly exposed Selenium Grid instance.

• Exactly who is behind the attack campaign is currently not known despite all the Korea rumours flying around.?
• However, it involves the threat actor targeting publicly exposed instances of Selenium Grid and making use of the WebDriver API to run Python code responsible for downloading and running an XMRig miner ?(for Monero mainly)
• The cloud security company Wiz has named the ongoing activity SeleniumGreed (love it) and is monitoring it closely
• This hack campaign is directed at older versions of Selenium (3.141.59 and earlier) and is thought to have been active since at least April 2023
• For anyone now panicking to change their verison, there are also some other guides below

Why bother? Software testers widely use Selenium Grid to guarantee cross-browser compatibility and efficient parallel test execution. Since authentication is not enabled by default, many publicly accessible instances of this service are misconfigured, leaving them vulnerable to unauthorised access and malicious exploitation. A security breach in this tool could pose major risks;

Compromised Test Data: Unauthorised access to test data might expose sensitive information Manipulated Test Results: Attackers could modify test outcomes, undermining the reliability of the results Service Disruptions: Exploiting this flaw could disrupt the testing pipeline, causing delays in the development workflow

What's more…Through vigilance and the implementation of certain measures, software testers can securely and reliably use Selenium Grid in their testing environments. But we need to remember:

• Safeguard: Maintain and protect your testing environment; ensure your tools are up-to-date
• Stay Informed: Keep updated with the latest security advisories and updates for testing tools
• Regular Audits: Perform frequent security audits on your testing infrastructure
• Incident Response Plan: Create and sustain a strong incident response plan to promptly handle any security breaches

Resources

• Protecting unsecured selenium grid
• MoT's Security Testing Collection
• MoT's Selenium Collection
• For help on how to enable basic authentication and protect Selenium Grids from unauthorised external access, follow the service’s official guidelines here
• MoT Podcasts (for Selenium conversations)

?? Read Aj's Trend Byte article and other articles on many testing topics over at the Ministry of Testing site.

"As Head of Testing, I am responsible for the professional development of my people and have MoT Team Membership to support this. I want to have a good atmosphere and up-to-date information for the exchange. The TestBash conferences and the software testing content are excellent sources for this. Great speakers and the latest content and news from the testing community!" - Sven Schirmer

Support your testing and quality team with Ministry of Testing Pro Membership

"Ministry of Testing is the one-stop shop for everything testing." - Ashutosh Mishra

Discover what's happening in the testing community every week by subscribing to the Ministry of Testing newsletter