(Crypto)Miner loaded when starting A1111
Published:Dec 28, 2025 23:52
•1 min read
•r/StableDiffusion
Analysis
The article describes a user's experience with malicious software, specifically crypto miners, being installed on their system when running Automatic1111's Stable Diffusion web UI. The user noticed the issue after a while, observing the creation of suspicious folders and files, including a '.configs' folder, 'update.py', random folders containing miners, and a 'stolen_data' folder. The root cause was identified as a rogue extension named 'ChingChongBot_v19'. Removing the extension resolved the problem. This highlights the importance of carefully vetting extensions and monitoring system behavior for unexpected activity when using open-source software and extensions.
Key Takeaways
- •Users should be vigilant about the extensions they install for Stable Diffusion and other software.
- •Unexplained system behavior, such as the creation of suspicious files and folders, should be investigated.
- •Regularly check the extension folder for any unauthorized or suspicious additions.
Reference
“I found out, that in the extension folder, there was something I didn't install. Idk from where it came, but something called "ChingChongBot_v19" was there and caused the problem with the miners.”