New NadMesh Botnet Hunts Exposed AI Services for Cloud Keys and Kubernetes Tokens
A Go botnet called NadMesh has been hunting exposed AI services for cloud keys and Kubernetes tokens. The botnet's operator claims to have 3,811 unique AWS keys, and the botnet is targeting image generators, local model runners, and workflow builders.
Intelligence analysis by Llama

The NadMesh botnet is a Go botnet that is hunting exposed AI services for cloud keys and Kubernetes tokens. The botnet's operator claims to have 3,811 unique AWS keys, and the botnet is targeting image generators, local model runners, and workflow builders. The botnet is using a scanning feed that resamples subnets that produce hits every five minutes and flags IPs flagged dangerous i…
The NadMesh botnet is a type of computer program that is designed to find and steal sensitive information from computers. It works by scanning the internet for computers that have sensitive information exposed, and then it tries to steal that information. The botnet is like a big team of computers working together to find and steal sensitive information.
Analysis
A New Botnet in Town
The NadMesh botnet is a Go botnet that has been making headlines in recent days due to its targeting of exposed AI services for cloud keys and Kubernetes tokens. The botnet's operator claims to have 3,811 unique AWS keys, which is a significant concern for cloud security.
How the Botnet Works
The NadMesh botnet uses a scanning feed that resamples subnets that produce hits every five minutes. This means that the botnet is constantly scanning for new targets and adapting its strategy to evade detection. The botnet also flags IPs flagged dangerous in the last 24 hours for rescanning every quarter hour, which suggests that the operator is aware of researchers watching the botnet.
What the Botnet is After
The NadMesh botnet is after cloud keys pulled out of environment variables, k8s service account tokens, and the contents of ~/.aws/config, .env, and ~/.docker/config.json. The botnet is also targeting model access and callable MCP tools. The operator's scoreboard does not count the thing the operator is taking, which suggests that the botnet is designed to evade detection.
The Botnet's Persistence
The NadMesh botnet persists in three ways at once, which makes it difficult to remove. The botnet uses Garble obfuscation, UPX -9 packing, and random padding, which means that no two agents share a hash. This makes it difficult to detect and remove the botnet.
What You Can Do
To protect yourself from the NadMesh botnet, you should get exposed services and admin functionality behind auth or off the public internet. This includes ports 8188 (ComfyUI), 11434 (Ollama), 7860 (Gradio), and 5678 (n8n). You should also check the drop paths: ~/.ssh/authorized_keys, for keys nobody remembers adding /dev/shm/.a, /va
Key points
- The NadMesh botnet is a Go botnet that is targeting exposed AI services for cloud keys and Kubernetes tokens.
- The botnet's operator claims to have 3,811 unique AWS keys.
- The botnet is using a scanning feed that resamples subnets that produce hits every five minutes.
- The botnet is targeting image generators, local model runners, and workflow builders.
- The botnet is using Garble obfuscation, UPX -9 packing, and random padding to evade detection.
If the NadMesh botnet is detected and removed, it could prevent further attacks and protect sensitive information. Additionally, if the botnet's operator is caught and prosecuted, it could serve as a deterrent to others who might try to create similar botnets.
If the NadMesh botnet is not detected and removed, it could continue to steal sensitive information and cause significant harm. Additionally, if the botnet's operator is able to evade detection and continue to operate, it could lead to further attacks and compromise of sensitive information.



