ComfyUI hack: Fight for artists rights or convenient cover-up?

Tomcat

Hackers call this an ideological protest, but what does this have to do with ordinary users?

The hacker group Nullbulge, which allegedly opposes "AI art", hacked users of ComfyUI, a popular interface for creating images with the Stable Diffusion neural network. The attackers distributed a malicious ComfyUI_LLMVISION extension through GitHub, which allowed them to access user data.

ComfyUI is a widely distributed open-source GUI for Stable Diffusion, hosted on GitHub, that greatly facilitates the generation and modification of AI images. The hacked ComfyUI_LLMVISION extension made it possible to integrate the powerful GPT-4 and Claude 3 language models into the same program. Initially, it was legitimate.

The ComfyUI_LLMVISION page on GitHub is currently unavailable, but the archived version dated June 9 states that it was "COMPROMISED by THE NULLBULGE GROUP". "Perhaps you should take a closer look at us and think carefully before releasing AI tools through such a poorly protected account," reads the ironic message from the hackers.

The archived version of the page dated May 25 shows that the tool was quite popular and actively used: 42 stars, 4 forks and 12 commits. On their website, the hackers claim that they exploited ComfyUI_LLMVISION for many months and took control of it even before the creator published the extension. It seems that the malicious code was integrated into the program from the very beginning, which means that absolutely all the people who used it were at risk.

The GitHub administration has not yet commented on the situation.

On the ComfyUI-themed subreddit, one of the users shared his story: "I myself suffered from this attack. About a week after installing the ill-fated extension, I received a lot of notifications about suspicious attempts to log in to my accounts on various services. Therefore, I am absolutely sure that hackers are actively using the stolen data."

On their website, Nullbulge members also published a list of what they call login credentials for various accounts of hundreds of users.

vpnMentor, a company that offers VPN services and conducts cybersecurity research to promote its product, analyzed the hacked extension. According to them, it can steal cryptocurrency wallets, take screenshots of users' screens, disclose information about devices and IP addresses, and steal files containing certain keywords or applications.

The Nullbulge site itself is also currently unavailable, but its archived version has an "About us" section that reads: "We are a collective of people who are convinced of the importance of protecting the rights of artists and ensuring fair remuneration for their work."

Another section on the main page is titled: "You hacked me/us/my website! Why?". It says:

"We are sorry that we had to do this to you, but we only do it if you have committed one of the following acts that we consider 'sins': stealing works of art, promoting cryptocurrencies, using AI-generated art, stealing content from Patreon or other platforms that support artists, as well as any other forms of encroachment on the rights of creators."

It remains unclear whether the hackers in this case are really guided by ideological beliefs or whether this is just a cover-up. Regardless of the true motive, the attack on ComfyUI_LLMVISION once again highlights the serious risks of using free software from GitHub that is supported by individuals or small groups of open-source developers.
 