https://old.reddit.com/r/comfyui/comments/1dbls5n/psa_if_youve_used_the_comfyui_llmvision_node_from/

r/comfyui: this post was submitted on 09 Jun 2024, 654 points (99% upvoted)

PSA: If you've used the ComfyUI_LLMVISION node from u/AppleBotzz, you've been hacked (self.comfyui)

submitted 18 hours ago by _roblaughter_ - announcement

I've blocked the user so they can't see this post to give you time to address this if you've been compromised.

Long story short, if you've installed and used that node, your browser passwords, credit card info, and browsing history have been sent to a Discord server via webhook.

I've been personally affected by this. About a week after I installed this package, I got a ton of malicious login notifications on a bunch of services, so I'm absolutely sure that they're actively using this data.

Here's how to verify:

The custom node has custom wheels for the OpenAI and Anthropic libraries in requirements.txt. Inside those wheels is malicious code. You can download the wheels and unzip to see what's inside.

If you have the wheel labeled 1.16.2 installed:

* it's actually installing 1.16.3, which doesn't exist. There is no 1.16.3 -- the release history goes from 1.16.2 to 1.17. https://pypi.org/project/openai/#history
* Inside that package, you'll find /lib/browser/admin.py. This file reads your browser data and stores it in your temp directory in a subdirectory with the format pre_XXXXX_suf. Inside, you'll find C.txt and F.txt, corresponding to Chrome or Firefox data.
* The file contains an encrypted string. When you decrypt, it points to a Discord webhook: https://discord.com/api/webhooks/1226397926067273850/8DRvc59pUs0E0SuVGJXJUJSwD_iEjQUhq-G1iFoe6DjDv6Y3WiQJMQONetAokJD2nwym
* This file is sending your data to that webhook.

If you have 1.30.2 installed:

* Again, it's compromised. You'll find openai/_OAI.py. Inside are two encrypted strings that are Pastebin links. I won't paste them here so you don't accidentally download the files...
* The first Pastebin link contains another encrypted string that, when decrypted, points to another Discord webhook: https://discord.com/api/webhooks/1243343909526962247/zmZbH3D5iMWsfDlbBIauVHc2u8bjMUSlYe4cosNfnV5XIP2ql-Q37hHBCI8eeteib2aB
* The second contains the URL for a presumably malicious file, VISION-D.exe. The script downloads and runs that file.
* From looking at the rest of the code, it looks like the code is creating a registry entry, as well as stealing API keys and sending them to the Discord webhook.

Here's how to tell if you've been affected:

1. Check C:\Users\YourUser\AppData\Local\Temp. Look for directories with the format pre_XXXX_suf. Inside, check for a C.txt and F.txt. If so, your data has been compromised.
2. Check python_embedded\site-packages for the following packages. If you have any installed, your data has been compromised. Note that the latter two look like legitimate distributions. Check for the files I referenced above.
   1. openai-1.16.3.dist-info
   2. anthropic-0.21.4.dist-info
   3. openai-1.30.2.dist-info
   4. anthropic-0.26.1.dist-info
3. Check your Windows registry under HKEY_CURRENT_USER\Software\OpenAICLI. You're looking for FunctionRun with a value of 1. If it's set, you've been compromised.

Here's how to clean it up:

At least, from what I can tell... There may be more going on.

1. Remove the packages listed above.
2. Search your filesystem for any references to the following files and remove them:
   1. lib/browser/admin.py
   2. Cadmino.py
   3. Fadmino.py
   4. VISION-D.exe
3. Check your Windows registry for the key listed above and remove it.
4. Run a malware scanner. Mine didn't catch this.
5. Change all of your passwords, everywhere.
6. F*** that guy.

Before you assume that this was an innocent mistake, u/applebotzz updated this code twice, making the code harder to spot the second time. This was deliberate.

From now on, I'll be carefully checking all of the custom nodes and extensions I install. I had kind of assumed that this community wasn't going to be like that, but apparently some people are like that.

F*** that guy.

301 comments

[-] GarudoGAI 95 points 17 hours ago
I think this post needs to get pinned

[-] nootropicMan 92 points 16 hours ago
This needs to be reported to the FBI.

[-] Fair-Description-711 42 points 17 hours ago*
To help people figure out whether OP is fear-mongering or legit, I verified the existence of _OAI.py in the current custom 1.30.2 OpenAI wheel in the linked GitHub repository; I didn't reverse engineer it to decrypt the apparent payload strings but it looks for all the world like code designed to be hard to understand but look like machine-compressed js (but it's obviously not to me), and therefore SCREAMS "suspicious". I'd take this one seriously.

Very weirdly, I personally had a creeped out feeling about LLMVISION when I saw that package, and speculated that anyone trying this kind of thing (I think I was thinking about gathering OpenAI keys) would be quickly found out, but didn't install the package. No idea why I would have felt suspicious though.

    [-] comfyanonymous 28 points 14 hours ago*
    Yes unfortunately this is malware.

    I did some more analysis and that VISION-D.exe file seems to be downloading and installing a keylogger (LLMVISION.exe) to: %LocalAppData%\rundll64.exe

    Thankfully that one seems to be detected by antiviruses: https://www.virustotal.com/gui/file/5f74400e5875798e1e4c1acc716733376be9c493ccd6a28e668e42a7f0d66596/detection

    So a virus scan might be enough to get rid of it.

    EDIT: Just clarifying that this is for the keylogger that the latest version of that node installs; you still need to delete the custom node code and the wheels it installed. If you use the standalone comfyui package I recommend deleting the whole thing and then doing a virus scan.

        [-] HazKaz 6 points 10 hours ago
        Would Microsoft defender detect this?

            [-] machstem 6 points 7 hours ago
            Yeah in my experience, MD is the only AV you'd need anyways.

            [-] InfiniteSpaceIPH 3 points 6 hours ago
            If it took someone doing a deep dive into the code and no one had noticed prior, it doesn't seem so. MD often misses things in my experience. For anything suspicious, VirusTotal is definitely superior. But that of course means you already know what to scan :(

        [-] lordpuddingcup 1 point 8 hours ago
        Is this a python only exploit or is this going to fuck Linux and Mac comfy users too

            [-] comfyanonymous 7 points 8 hours ago*
            There's two things, there's a part that sends the openai and anthropic keys you put in it directly to a discord webhook, that part is in python and probably runs on all operating systems. The actual malware/keylogger part is an exe file so mac and linux should not be affected.

            EDIT: looking at the older wheel there's some python code that steals bitcoin wallets and browser profiles but it's only targeted at windows so this seems to be a windows specific attack.

[-] konzuko 41 points 15 hours ago
the question now is... what other nodes are compromised?

    [-] Philosopher_Jazzlike 10 points 9 hours ago
    jup. I will start to build me a virtual machine to run comfy there safely.

        [-] delawarebeerguy 1 point 8 hours ago
        Question is how do you pass through your bare metal GPU to the VM?

            [-] Philosopher_Jazzlike 3 points 8 hours ago
            I try it right now with a GPU-Passthrough on Hyper-V. Will tell it you, if I know how.

            [-] Philosopher_Jazzlike 2 points 7 hours ago
            https://www.youtube.com/watch?v=KDc8lbE2I6I
            This helps me to get it to work (Like how it seems right now.) I see the GPU on my VM at the device Manager.

    [-] oO0_ 2 points 6 hours ago
    Any at any time could be. Use separate PC with Linux to keep private data and no auto-updates (and better no internet connection) and you will be safe

[-] Jazzlike_Top3702 35 points 17 hours ago
this is why we can't have nice things.

    [-] _roblaughter_ [S] 14 points 17 hours ago
    [image]

[-] mcmonkey4eva 59 points 15 hours ago
Relaying from the ComfyUI Matrix chat: Manager has been notified and has updated to now contain a check that will detect and warn you immediately if you were affected by this malware

    [-] _roblaughter_ [S] 16 points 15 hours ago
    [image]

        [-] Kadaj22 3 points 11 hours ago
        [image]

    [-] Nisekoi_ 1 point 1 hour ago
    Is Matrix safe, I use Web forge?

[-] redAppleCore 29 points 17 hours ago*
While it isn't going to fully protect you I recommend learning how to install comfyui in a docker container, it isn't necessarily easy but there will be a lot more of stuff like this

    [-] _roblaughter_ [S] 21 points 17 hours ago
    At least it was in a virtual environment and I didn't get caught up in the nastier second version, but it definitely would have been safer in Docker...

    F*** that guy.

    [-] Intoempty 17 points 16 hours ago
    Docker is good. I also use NetLimiter and deny Python from accessing the network unless I want to manually update Comfy. On Mac, LittleSnitch is helpful to see who is talking to who-- and stop it.

    [-] OfficeSalamander 4 points 17 hours ago
    Oh not a bad idea, I hadn't even thought of doing that, but that's a smart plan going forward

    [-] goodie2shoes 3 points 7 hours ago
    sorry for asking this question again but I'm just a user of the product for creating and know very little about the technical aspects.

    Here's my dumb idea and please shoot it down if it deserves it. I install comfyui on a different windows user profile which has no admin rights. And I would only use that account for comfy stuff and superficial browsing without logging in anywhere. Would that be a 'safe' option?

        [-] redAppleCore 3 points 5 hours ago
        I think it is unlikely to be safe, things like this chain exploits to gain additional privileges and it is very very unlikely that there isn't some other exploit somewhere on your system that a hack could take advantage of to get ahold of everything else.

            [-] _BreakingGood_ 2 points 1 hour ago
            Definitely won't be 100% safe but most malware these days is pretty simple: copy all your browser data and upload it to discord, allow remote screen sharing, allow the hacker to remotely take control of your PC. Run comfy on a machine with no important browser info and you'll be protected from most of the basic stuff out there.

            The real scary stuff (things that can cross VM boundaries, cross docker boundaries, even cross network boundaries) are possible but those are very unlikely to be utilized to steal random people's browser data, those are for more targeted attacks.

    [-] Lividmusic1 2 points 10 hours ago
    is there any tuts on this? I'd love to run my stuff in a docker container

        [-] redAppleCore 2 points 5 hours ago
        I am writing one up today, I will post it here

    [-] KeithHanson 2 points 16 hours ago
    Actually, docker would fully protect you from this? And most any malicious code I think.

    A .exe isn't going to run in a Linux container. And python files won't see your browser data of your host machine.

    I struggle to think of a way that any of the host's sensitive data could be stolen from within a container short of some major docker vulnerabilities, right?

        [-] redAppleCore 11 points 16 hours ago
        In theory, it can't, but docker has had some vulnerabilities that allowed container apps to run commands on the host. This attack would have been foiled but there exists the possibility that someone someday has an exploit that can break out. Hence my hedge. 99.999% likely safe

            [-] kjames2001 5 points 15 hours ago
            But still, docker would make it much safer for the average user and much harder for the hacker exploit. Besides, it can make installation on Linux much easier.

        [-] meganitrain 1 point 2 hours ago
        The main problem is that you have to give the container access to your GPU. It's definitely better than not using Docker, but the attack surface is still large: https://security.stackexchange.com/a/182516/47851

    [-] PlushySD 2 points 15 hours ago
    I'd love to install comfyUI behind a docker, would you mind point me to where should I start learning about this?

        [-] kjames2001 6 points 15 hours ago
        There is no official docker image, so you'll have to build your own. Try to learn docker build. If you figure it out, please share.

            [-] PlushySD 3 points 15 hours ago
            I'll dive in that rabbit hole and if I get out alive I'll let you know lol.

                [-] StatisticianFew6064 4 points 11 hours ago
                It's not hard, just tedious. You'll get it. I've built them for several apps before and I'm basically a moron.

                    [-] PlushySD 2 points 11 hours ago
                    Cool cool, I'll crawl my way there.

                [-] bunchedupwalrus 2 points 12 hours ago
                The only difficult part is that you can't use your GPU during the container build process, so you'll need to pre-build any wheels if it comes up

    [-] marhensa 1 point 10 hours ago
    Is installing it in Docker eating much RAM compared to native installation?

[-] lipsumar 11 points 16 hours ago
OP, did you report it to GitHub?

    [-] _roblaughter_ [S] 16 points 16 hours ago
    Yes.

[-] nootropicMan 10 points 17 hours ago
Thank you for this and I'm sorry you got compromised. F*** that guy.

[-] mrnoirblack 9 points 15 hours ago
1. Use the dir command to search for the files. Run the following commands one by one:

    rem /s recurses into subdirectories, /p pauses after each screen of results
    rem admin.py is matched by name; the copy of interest sits under a lib\browser folder
    dir C:\admin.py /s /p
    dir C:\Cadmino.py /s /p
    dir C:\Fadmino.py /s /p
    dir C:\VISION-D.exe /s /p

These commands will search your entire filesystem for the specified files and remove them if found. Make sure you have the necessary permissions to execute these commands.

    [-] frequenZphaZe 2 points 6 hours ago
    what does it mean if I was able to find the python packages and the _OAI.py registry entry but not any of these files?

    I tried your commands as well as manual searches with the explorer but didn't find anything

[-] ostrisai 8 points 11 hours ago
Everyone be sure to report the user to github. https://support.github.com/contact/report-abuse?category=report-abuse&report=AppleBotzz . The more reports, the more likely action will be taken.

    [-] belladorexxx 4 points 5 hours ago
    Ok folks you can stop reporting, GitHub has taken it down.

[-] arcanin 8 points 11 hours ago
They just updated the repo

    [-] _roblaughter_ [S] 28 points 10 hours ago
    This is a lame attempt to cover their tracks by blaming it on someone else.

    The commit history shows exactly what the author did, and that this was deliberate. The compromised code was there on the initial commit, as well as in the update.

        [-] belladorexxx 6 points 9 hours ago
        This cover attempt makes me think, maybe the hacker made some opsec mistakes and it might be possible for services like GitHub or Huggingface to find the real identity of the hacker? If the hacker knows they might be deanonymized, that gives them a motive to try to explain "oh no it was real project but it was hacked by someone else".

        [-] _BreakingGood_ 2 points 1 hour ago
        It may be an attempt to blame it on somebody else, but that hacker group "NullBulge" already has a reputation for being anti-AI and has been distributing this exact malware all over the place recently.

        Here is this exact group using this exact malware 4 days ago: https://www.youtube.com/watch?v=yjLYz2lo0FE

        Of course "copycat crimes" have always been a thing forever, so there's no way to know for sure. Anyway, it's important to be extremely careful these days. This group is out to infect and compromise users of AI software.

    [-] Scruffy77 1 point 11 hours ago
    People suck

[-] Overall-Newspaper-21 8 points 7 hours ago
Most important questions

1. The malware only run when comfyui is active?
2. After delete comfyui custom node the pc become clear? Or malware is persistent?
3. This malware "Just" steal password and usernames? Can It steal cookies? Is a Keylogger?

    [-] _BreakingGood_ 2 points 1 hour ago
    The reality is nobody knows. It might be running forever, embedded in a random place with a random name you'll never find. Deleting it might not do anything. It might steal passwords, be a keylogger, use your computer as a botnet, etc...

    The only way to be sure it's gone is to format your harddrive and reinstall windows (not just click the 'reset PC' function in Windows, you need to format the device.)

[-] noyart 8 points 13 hours ago
Someone already tipped him off, or made an issue on github. https://github.com/AppleBotzz/ComfyUI_LLMVISION/issues/6

[-] sahil1572 6 points 7 hours ago
why TF NVidia Doesn't allow GPU Virtualization on consumer GPUs.

[-] Primantiss 16 points 17 hours ago
Thanks for the heads up.

Out of curiosity I looked into the ComfyUI Manager to see if it was listed, and sure enough it was. I fortunately dodged this bullet but now I will be paranoid about new custom nodes. Is there any way for a layman to look into these things?

    [-] _roblaughter_ [S] 47 points 17 hours ago
    Copying and pasting from a previous comment...

    I only happened to notice this because I was trying to free up some space on my hard drive and noticed some weird files in my temp folder. When I opened them, I saw plain text passwords, so I knew something was up.

    So I started digging. I checked the time stamps on the files to try to figure out a pattern, and noticed that it would create a new file every time I launched Comfy.

    I had a weird lag when another LLM node was hanging, so I suspected it at first. I did a code search for the files and naming convention and found the compromised package. ChatGPT helped me decrypt it.

    I cross referenced that with the metadata for the package and found it was associated with a package version that didn't exist.

    So I checked all of the requirements.txt files for how a package that didn't exist could get installed and found the "backup wheels" in the malicious node.

    So I downloaded the wheels and unzipped them to confirm, along with the nastier second version that I fortunately hadn't installed. Decrypted that one, and here we are.

        [-] Primantiss 12 points 17 hours ago
        Some impressive detective work there! Thank you for the insight and methods you used.

        [-] 2k4s 7 points 15 hours ago
        [image]

    [-] redAppleCore 12 points 16 hours ago
    With custom node installing and python packages I think it is very unlikely a layman has any shot at finding some, this one was actually pretty egregiously obvious compared to some I have seen elsewhere.

    Your best bet is getting it in a docker container. I am a pretty good programmer, but I do not trust myself at all to not miss things, so I use Docker for everything. Last I checked there were already publicly available images for ComfyUI - there will still be a learning curve, but if you already learned enough to install comfy manager it isn't anything you can't handle.

    I am eagerly awaiting the day AI can find these the second they're posted

        [-] Primantiss 2 points 16 hours ago
        Thank you, I will put that on my to-learn list. In the mean time I'll be very cautious of which nodes I download.

            [-] redAppleCore 32 points 16 hours ago
            I decided that tomorrow I will post a guide on getting ComfyUI running in Docker with plugins on here (it's 3 am here now so, I'm clocking out for the night) - in theory the more people doing things safely in the community, the less appetizing our community will be to hackers

                [-] reddit22sd 3 points 15 hours ago
                Thanks in advance!

        [-] _BreakingGood_ 1 point 1 hour ago
        Just to be clear, Docker is not a VM. It is not sandboxed and offers no security over traditional software.

        It does offer "security by obscurity" (aka: A hacker is unlikely to take the time to write software that properly handles docker) but that's not exactly something that should afford confidence.

        A VM is a decent alternative, though not 100% secure. Your best bet is to host comfy UI on a completely separate server and just access it through the web interface.

[-] lamnatheshark 11 points 15 hours ago
Aaaaand that's why my ML machine is a completely separated and an empty one with just SD and LLMs on it, nothing else.

Network is also separated with a 4g access point.

I have regular backup images clones of the unique SSD inside.

And of course web browser doesn't store any passwords. No documents, no photos, nothing, no other software, no connected clients like steam or adobe or drive.

[-] i860 7 points 3 hours ago
Dude's even putting out hacked mods for Beam.NG as well (read the comments): https://www.modland.net/beamng.drive-mods/cars/bolide-skyrider.html

Plus read his post history: https://www.reddit.com/r/beamng_leaked_mods/comments/1cln2gc/comment/l2xcma0/

[-] no_witty_username 9 points 7 hours ago
I think this post is gonna sober up some folks here regarding the dangers of fiddling around with tech on the razor's edge of progress. It sure as fuck spooked me. I hope we as a community can come up with ways to mitigate these problems kind of like safe tensors was a great addition. Crazy catch BTW, mad props.

    [-] loamy 2 points 6 hours ago
    Yeah good way to put it, definitely feel sobered up despite not having been directly impacted by this!

    [-] Jurph 1 point 3 hours ago
    After that, go read up on:

    * The Linux backdoor attempt of 2003
    * The recent attempt to backdoor "xzutils"
    * Some of the typosquatting attacks against LLMs (ask a GPT to recommend packages, see which ones it made up, quick write a util that does the thing the GPT said...plus a little extra)

    One of the best remaining supply-chain vectors is "trusted" open source code, so learn when to not trust open source code.

        [-] _BreakingGood_ 1 point 1 hour ago
        The XZUtils story is insane and should really scare every person here into partaking into whatever security they can enable on their home networks.

        In short: We were days away from having a backdoor embedded inside of SSH, giving the hackers remote access to virtually every server and PC on earth. How was it found? An engineer at Microsoft just so happened to notice that it was taking ~500ms longer to build than normal. He dug into it to figure out why, and located the backdoor. What if he didn't bother?

        https://doublepulsar.com/inside-the-failed-attempt-to-backdoor-ssh-globally-that-got-caught-by-chance-bbfe628fafdd

[-] TotesMessenger 4 points 18 hours ago
I'm a bot, bleep, bloop. Someone has linked to this thread from another place on reddit:

* [/r/stablediffusion] PSA: If you've used the ComfyUI_LLMVISION node from u/AppleBotzz, you've been hacked

If you follow any of the above links, please respect the rules of reddit and don't vote in the other threads.

[-] Ethrillo 4 points 11 hours ago
Holy shit. This is actually scary. Who knows if other nodes have similar malicious packages. I really need to learn docker I guess.

    [-] alecubudulecu 2 points 5 hours ago
    The question is WHICH other nodes. "If other nodes" has been confirmed. They do. The hacker group also confirmed it. They are in multiple nodes.

[-] CrasHthe2nd 3 points 11 hours ago
The README on the github repo just got updated

[-] henk717 4 points 9 hours ago
Nice work OP, you should upload the .exe sample to https://bazaar.abuse.ch/upload/ that way all the malware researchers can have a field day with it. If you upload it there it will get forwarded to pretty much every reputable virus sandboxing website.

    [-] _roblaughter_ [S] 4 points 9 hours ago
    I've had enough problems this weekend. Not a snowball's chance in Hawaii I'm downloading that.

        [-] henk717 3 points 9 hours ago
        Oh I thought you already had vision-d.exe from your analysis. If you don't have it (anymore) no worries.

[-] Soulreaver90 5 points 8 hours ago
Good on the comfyui manager devs for baking in a security checker and other additions to help. I think all the major AI repos (A1111, Next, etc) need to have some more security features baked in. I'm not fond of scare tactics, but even a general notice or a toggle to enable custom extensions would be something beneficial for the regular user.

    [-] Hahinator 2 points 8 hours ago
    There's a lot already employed - GRadio for example has protections in place.

Unfortunately when you want an app to use an external server (like in this case OpenAI for ChatGPT4) you kinda have to allow some risky things like outgoing internet calling. Sad situation.

[-]Qual_ 6 points 7 hours ago (0 children)
lol that bastard

[-]Joviex 4 points 6 hours ago* (3 children)
Curious why nobody has made a small little app to just pound the living crap out of that Discord web hook and then have all of us just pound the living crap out of that Discord web hook with junk

[-]_roblaughter_[S] 4 points 5 hours ago (1 child)
Go forth and blast away

[-]Joviex 1 point 5 hours ago (0 children)
postman and a dream! Thanks? I guess for taking one for the team :(

[-]_BreakingGood_ 1 point 1 hour ago (0 children)
The endpoint is dead, Discord is very quick on this. This hacking group has been infecting a number of different AI related software lately and the Discord channels are always shut down very quickly.

[-]Qual_ 5 points 6 hours ago (1 child)
I heavily suspect this user to be the same user u/DerWesselinger

[-]alecubudulecu 4 points 5 hours ago (6 children)
Dev and node gone from GitHub. Disappeared.

[-]_roblaughter_[S] 3 points 5 hours ago (5 children)
[image]

[-]alecubudulecu 1 point 5 hours ago (4 children)
Something I'm confused about. Is entire pc security compromised with this or just OpenAI account info?
Or no idea? I run comfyui on my gaming pc (where I have mods from untrusted sources. So I don't use any info on it. Ie I couldn't care much if compromised cause don't type or key in any sensitive info). Plus I didn't have THIS node. But as they said. Could be other places too.

[-]_roblaughter_[S] 2 points 4 hours ago (3 children)
Full file system, because it's running with the same privileges as the user.

[-]alecubudulecu 2 points 4 hours ago (2 children)
thanks. this explains why folks were saying their openAI account suddenly had lots of charges. the key is likely in an unencrypted text file in their filesystem. so encrypted stuff ... aside from them potentially copying and decrypting it eventually.... should be safe (in concept)

[-]Guilherme370 4 points 4 hours ago (3 children)
Also, guys, get this, they also added those requirements as dependencies in the huggingface space they have. Also does anyone still have those wheel files?~ webhook here I go~

[-]_roblaughter_[S] 2 points 2 hours ago (0 children)
I might have a copy in my trash. I'll check when I'm back on my laptop.

[-]Illustrious_Sand6784 1 point 28 minutes ago (1 child)
u/clefourrier u/vaibhavs10 sorry to bug, but can either of you take down this person's account? I didn't see a report account option on huggingface.

[-]vaibhavs10 2 points 22 minutes ago (0 children)
Just flagged this internally! Thanks for the mention!

[-]BlastedRemnants 3 points 2 hours ago (0 children)
I just checked again and he's been removed from Github, so that's good news at least. Good riddance too!

[-]RedPanda888 3 points 16 hours ago (0 children)
Is there anyone that needs to be alerted to this so they can potentially flag it when people download or install? Microsoft? Unsure how malware reporting usually works.

[-]vikker_42 3 points 15 hours ago (5 children)
I hope it wasn't in the manager

[-]_roblaughter_[S] 4 points 15 hours ago (4 children)
It sure is.

[-]SykenZy [Workflow Included] 3 points 14 hours ago (7 children)
Fuck this guy! Really, we need to think about how to make him pay for what he did! He is a disgrace to the open source community!! Did you lose anything financially? Hopefully not! Thanks for investigating and reporting!

[-]_roblaughter_[S] 7 points 14 hours ago (4 children)
My OpenAI account was hacked twice this month, and I suspect this is where it came from. I'm currently out $1k while OpenAI's lackluster support looks into it.

[-]SykenZy [Workflow Included] 1 point 14 hours ago (0 children)
Sorry about that, but OpenAI should be able to pinpoint from where all those requests came and do something about it.

[-]nickdaniels92 1 point 8 hours ago (0 children)
Did they top up your account from stolen card details? Mine recently got switched to needing to be pre-paid and I assumed that was the case for all accounts.
I top it up to cover a certain period, but never excessively, and there's no auto-topup feature AFAIK.

[-]frequenZphaZe 1 point 7 hours ago* (0 children)
similar thing happened to me. I have a dev account for dicking around so I only keep about $10 of credit on it, but the whole account got drained randomly. I thought that maybe I set up a connection wrong or there was a bug and it was spamming calls to the API or something. I immediately reset the keys and notified openai support. since it was such a small amount of money, they almost instantly refunded it and I didn't think twice about it since. I guess the silver lining is that it wasn't my fault after all

[-]goodie2shoes 2 points 7 hours ago (0 children)
I think we should think of ideas to prevent others from doing this again. No use in hunting this freak down. There be 10 in his place, in no time if it gets out how easy it is to dupe a pretty large community

[-]LD2WDavid 3 points 12 hours ago (5 children)
Question... I had "openai-1.16.3.dist-info" in Python/site packages but not on ComfyUI folder. Is this the same?

[-]jasonfrog 3 points 10 hours ago (4 children)
Yes, as there isn't an official 1.16.3 version ( https://pypi.org/project/openai/#history )

[-]LD2WDavid 3 points 10 hours ago (3 children)
Perfect. Deleted everything, node, openai distro, cadmino, fadmino, admin but no pre folders found, c or f.txts, no vision-d.exe neither, no registry openaicli. It's then fine? All changed via mobile phone without internet, just in case. Thanks a lot!

[-]realityczek 4 points 7 hours ago (1 child)
Personally?
My recommendation is to rebuild the machine from scratch. Anytime you become aware of being compromised like this, it is worth recognizing you will never really know if you cleaned it out.

[-]LD2WDavid 2 points 6 hours ago (0 children)
Yeah. I have everything under 2FA for that side it's not a problem except if they had my phone, which is not the case. They can't buy anything or charge anything into Credit Card. For ComfyUI for now I'm running into VM for testings or new nodes. And for system, didn't find anything else and will run a complete antivirus and malware scan today. Thanks for the tips.

[-]belladorexxx 2 points 9 hours ago (0 children)
At this point no one can really say for sure what the malware does. Depends what kind of activities you do on your computer if you want to call it a day or if you need to reinstall your OS from scratch. For example, if you deal with crypto, you probably want to reinstall now.

[-]yoomiii 3 points 11 hours ago (2 children)
Well some bright mind already posted a link to OP in the AppleBotzz repo issues one hour after you posted this. https://github.com/AppleBotzz/ComfyUI_LLMVISION/issues/6

[-]alecubudulecu 1 point 5 hours ago (1 child)
Gone. The node and author disappeared

[-]Guilherme370 1 point 3 hours ago (0 children)
They just made a new alt account, that apple_botzzz account from what i've been investigating is just one of their alts ...

[-]LD2WDavid 3 points 4 hours ago (1 child)
Time for community to build a nice ComfyUI Docker container. Pretty much sure we will have it soon. Congrats on the finding OP!

[-]TechnoByte_ 1 point 3 hours ago (0 children)
This one is pretty good: https://github.com/YanWenKun/ComfyUI-Docker

[-]hopbel 3 points 4 hours ago (1 child)
Perhaps there needs to be an option to forbid installing packages that aren't from PyPI

[-]i860 3 points 3 hours ago (0 children)
There are many nodes which make direct callouts to pip install. It's effectively impossible to control this with just the manager.

[-]ScionoicS 6 points 5 hours ago (7 children)
I've been saying this for over a year. Why are people so vehemently against any format other than safetensors, while also not giving any fuck about how comfyui increases their attack surface. Every single workflow requires its own set of custom nodes and nobody flinches when they're required to install dozens of them. Every Single Custom Node Is A Fully Fledged Script Executing On Your Machine. The fear mongering around ckpt files while this is the common situation that every comfyui user is happy with, is insanity.

[-]RandallAware 1 point 2 hours ago (6 children)
I have seen you warn about this, so kudos.

[-]Dwedit 4 points 16 hours ago* (1 child)
Blocking a user does not stop them from seeing your posts. When the blocked user sees the post, it is replaced with a conspicuous placeholder that looks different than a regular deleted post. Loading the same page in Incognito mode reveals the post.

[-]_roblaughter_[S] 8 points 16 hours ago (0 children)
Whelp. Best I could do. Hopefully it's a bit of a deterrent.

[-]Primantiss 3 points 17 hours ago (5 children)
Thanks for the heads up. Out of curiosity I looked into the ComfyUI Manager to see if it was listed, and sure enough it was. I fortunately dodged this bullet, but now I will be paranoid about new custom nodes. Is there any way for a layman to look into these things?

[-]noyart 5 points 10 hours ago (1 child)
This is why I hate downloading bunch of workflows that use bunch of custom nodes, you end up with a bunch of them that you don't know anything about, tho if I was looking for LLM it would totally have downloaded something like this. OP really digged "deep" to find this shit. so normy like me wouldn't even find it

[-]2roK 2 points 13 hours ago (2 children)
How do I check in comfyui manager if I installed that node or not?

[-]lordpuddingcup 2 points 8 hours ago (0 children)
Update manager they added a warning if you had it, and it also terminates it above according to a recent comment above

[-]noyart 1 point 10 hours ago (0 children)
if you search for it in your manager it should show up, or look in your custom_node folder and see if you have it installed there.

[-]WavesCrashing5 2 points 16 hours ago (0 children)
Thank you so much for spreading awareness on this. I'll be more careful on my plug-ins and perhaps learn docker. Been hearing good things about it.
Hopefully it's easish

[-]Organix33 2 points 15 hours ago (0 children)
thank you for your report on this

[-]vanonym_ 2 points 13 hours ago (0 children)
I always thought it would be sooooo easy to make tons of victim by uploading a malicious node lol. This is kind of sad, good luck to all of you that are affected. Remember to frequently change your passwords and use 2fa when you can!

[-]Adventurous-Grab-452 2 points 11 hours ago (0 children)
"openai-1.2.4.dist.info" I have this... Am I in trouble?

[-]superCobraJet 2 points 10 hours ago (0 children)
Is this the first ComfyUI Manager security alert or has this happened before?

[-]gokayfem 2 points 8 hours ago (0 children)
now i understand, thats why he didnt want to send me simple pull request about this simple wrapper lol. glad i didnt clone this repo.

[-]CineMaster1 2 points 6 hours ago (5 children)
I have the openai-1.30.2.dist-info folder, but not the file _OAI.py. Very few files in there at all, all under 50KB with no file extensions. Do you think I'm safe, or am I definitely screwed?

[-]_roblaughter_[S] 1 point 6 hours ago (4 children)
1.30.2 is a legit package version, unlike the other. But there should be an openai directory in there, which is where the package contents would live.

[-]CineMaster1 1 point 6 hours ago (0 children)
Interesting, thanks. No openai folder, so I guess I may have removed it at some point? All the files in the folder are text files, with legit looking logging and config data.
Fingers crossed I'm OK, since no other red flags you mentioned exist.

[-]IntelligentRub9921 1 point 4 hours ago (2 children)
What about 1.30.1? Am I safe?

[-]_roblaughter_[S] 2 points 4 hours ago (1 child)
Deets are in the post. If you don't have those packages and files, you're not affected by this particular situation.

[-]ghostsquad4 2 points 6 hours ago (1 child)
Blocking users doesn't prevent them from seeing your posts. It only blocks you from seeing their posts and comments.

[-]_roblaughter_[S] 3 points 5 hours ago (0 children)
Whelp. I tried. Y'all went and started trolling their GitHub issues, so the jig was up then.

[-]berzerkerCrush 2 points 3 hours ago (1 child)
Thanks for the post. This is why containers (like docker) and virtual machine are super useful. With those, you encapsulate your software and give it exactly the right access to relevant outside elements (e.g. a folder). The downsides are that it's not obvious to use them (especially containers) and virtual machines need lots of disk space.

[-]i860 2 points 3 hours ago (0 children)
It's entirely possible to do this within userland as well by acquiring access to the GPU and then dropping all privileges before loading any custom nodes. The problem is that it's a hassle under anything non-Linux.

[-]Apprehensive_Sky892 2 points 3 hours ago (0 children)
People have suggested running ComfyUI (and by the same logic, Automatic1111 or any software that allows 3rd party modules/extension) in a docker.
For Windows users, I would also recommend Sandboxie: https://sandboxie-plus.com/sandboxie which I use to run my Firefox browser (which has the same problem of allowing 3rd party extension)
But one can also turn things around and set up a special computer that is only used to access important/confidential accounts, such as your bank. This computer should only be used for such tasks and not for anything else. I use a spare old laptop running Linux (so no Windows virus would be possible) to access my bank accounts, and those are the only sites allowed on that laptop. At least then, even if your main computer get compromised, you don't have to worry about your bank accounts.

[-]Abu-AlMalkawi 2 points 26 minutes ago (0 children)
all i've found were those:
* openai-1.23.3.dist-info
* anthropic
* anthropic-0.25.6.dist-info

I also couldn't find OpenAICLI in registry am i safe, please be yes. and F*** that guy.

[-]waferselamat 3 points 17 hours ago (29 children)
How can I tell if a custom node has been hacked? What should I look out for? I installed a bunch of custom nodes from OpenAI's workflow. Everything seems to be working fine, but I'm worried there might be something fishy going on in the background. A lot of people like me aren't programmers and just use workflow JSON files from tutorials or websites without fully understanding what the custom nodes do.

[-]_roblaughter_[S] 12 points 17 hours ago (1 child)
I only happened to notice this because I was trying to free up some space on my hard drive and noticed some weird files in my temp folder. When I opened them, I saw plain text passwords, so I knew something was up. So I started digging. I checked the time stamps on the files to try to figure out a pattern, and noticed that it would create a new file every time I launched Comfy.
I had a weird lag when another LLM node was hanging, so I suspected it at first. I did a code search for the files and naming convention and found the compromised package. ChatGPT helped me decrypt it. I cross referenced that with the metadata for the package and found it was associated with a package version that didn't exist. So I checked all of the requirements.txt files for how a package that didn't exist could get installed and found the "backup wheels" in the malicious node. So I downloaded the wheels and unzipped them to confirm, along with the nastier second version that I fortunately hadn't installed. Decrypted that one, and here we are.

[-]Kadaj22 3 points 11 hours ago (0 children)
I was doing the same thing however I thought to myself things would be so much easier if I just factory reset this and started again from scratch. Here's hoping that it removed that node as I was using it and even pushed for a local llm version on this sub...
Edit; actually think it was a different node (https://www.reddit.com/r/comfyui/s/3yY6it0hCW) I feel like I had used that visionLLM but thankfully it seems like I never did.

[-]SleeperAgentM 11 points 16 hours ago (18 children)
You can't. Losing all your data, passwords and potentially drained account if you pay for something online during takeover time is the price you're paying for free shit and staying on the edge of development. Open source supply side attacks are becoming more and more frequent. Everything was operating on a good faith and trust basis till now, but situation is rapidly deteriorating.

[-]belladorexxx 6 points 12 hours ago (16 children)
> the price you're paying for free shit

I don't like the implication here that if you paid for a proprietary tool then you would be safe from malware like this.
Most often those proprietary tools are built on top of tons of free open source software, so they will get the malware just like free open source releases get malware.

[-]SleeperAgentM 4 points 11 hours ago (13 children)
This is the correct implication. You might not like it, but it's the truth. As long as you're not actually reading the source OS is same as closed source. In which case reputation and responsibility is what matters. You are generally less likely to get a malware from a company or a foundation with reputation to lose, with address, and a name of the owner to sue, than from anonymous rando on the internet. Stable versions of projects with good reputation managed by a foundation eg. being part of Apache, Linux, GNU foundations, or having its own foundation/commercial entity backing it. Are going to be fine. So will be projects by real companies. Random plugin by an anon on the other hand? Goddess have mercy on your soul.

[-]KeithHanson 8 points 16 hours ago (5 children)
It's not that a node has been hacked, but that a node has malicious code in it. In this case, the author of the malicious plugin preyed on the fact that nearly all of us in the community install things without reading the source. Even for myself, a professional developer, rarely will I read the source unless it doesn't work as intended and I'm debugging. Unfortunately for all of us, short of some kind of scanner for common ways to obfuscate code (which is a red flag), this is extremely difficult to defend against, even for savvy professionals. The fact that this plugin buried the malicious code in a normal looking nonexistent python lib version from custom sources... It's a miracle OP even discovered this. That is a level of obfuscation that is impressive.
And I'm not even sure how one defends against it in the future. :/

[-]human358 5 points 13 hours ago (0 children)
Sandboxing I guess

[-]2roK 3 points 13 hours ago (0 children)
Yeah, we are fucked, god know what other ways we have gotten infected without knowing

[-]belladorexxx 3 points 12 hours ago (2 children)
When you open the requirements.txt file in the root of the malicious repo, you see this:
xxxx://github.com/AppleBotzz/Backup-Anthropic-Builds/raw/main/anthropic-0.26.1-py3-none-any.whl #Custom wheel cuz buggy
xxxx://github.com/AppleBotzz/Backup-OpenAI-Builds/raw/main/openai-1.30.2-py3-none-any.whl #Also Custom wheel cuz buggy
This is not how a requirements.txt file usually looks. I would not call this "well obfuscated".

[-]madbuda 4 points 9 hours ago (0 children)
TBH, I have seen some people host wheels. I have wheels for windows triton package because they were never published. but still I agree, you should question that

[-]lordpuddingcup 4 points 8 hours ago (0 children)
I think comfy manager should at minimum check requirements.txt for urls and throw a warning before performing an update or install

[-]Hahinator 2 points 8 hours ago (0 children)
A bit of a spin off suggestion, but I don't think I could live w/o the full computer search program "Everything" shareware (https://www.voidtools.com/support/everything/). It indexes all of your drives so you can search instantly (unlike Windows search which takes forever).
It also updates files as they're being written, so it's up to the second and if you order by date you can see what files are being written where on your HDs. If you're concerned an app is saving temp files (images even) in some odd "user/appdata/etc" folder you can just type "temp" or something simple in the search and it'll instantly show those folders which you can then set to show thumbnails to see if you have some things you don't want lingering (xxx images for some I'm sure). Made it super simple for me to scan for those listed malware files. Fortunately none are on any of my drives. Stay safe everyone!

[-]AwkwardAsHell 4 points 17 hours ago (0 children)
[image]

[-]decker12 4 points 15 hours ago (0 children)
Times like these I love my Runpod workflow. Compromised? Oh noes! , ,

[-]Erorate 3 points 12 hours ago (7 children)
We really should normalize running things in docker. It's not 100% solution, but way better running random .exe that download more code.

[-]Philosopher_Jazzlike 2 points 8 hours ago (2 children)
Or using a Virtual Machine? Would help?

[-]Erorate 1 point 8 hours ago (1 child)
That as well, but GPU support might be trickier with that.

[-]noyart 1 point 11 hours ago (2 children)
where would someone begin that never heard of docker before.

[-]Erorate 1 point 9 hours ago* (1 child)
Here's a rundown of docker itself: https://docs.docker.com/get-started/ Then you can google "comfyui docker image". There's a few of them.

[-]LyriWinters 2 points 14 hours ago (9 children)
https://github.com/AppleBotzz/Backup-Anthropic-Builds/raw/main/anthropic-0.26.1-py3-none-any.whl #Custom wheel cuz buggy
https://github.com/AppleBotzz/Backup-OpenAI-Builds/raw/main/openai-1.30.2-py3-none-any.whl #Also Custom wheel cuz buggy
Those are the files if you want to check how it's done. I wouldn't tinker with these files if you don't know what you're doing. They're in the requirements.txt for the Node.

[-]noyart 2 points 13 hours ago (0 children)
haha yea when I saw that I laughed. "wheel cuz buggy" XD

[-]Alarmed_Wind_4035 1 point 11 hours ago (2 children)
I accidentally downloaded the file by clicking didn't run it or opened it, Im not in danger right?

[-]henk717 2 points 9 hours ago (0 children)
No, it would need to be installed by pip to pose a risk.

[-]noyart 1 point 10 hours ago (0 children)
don't think so if you didnt run it

[-]Serious-Pen1433 2 points 11 hours ago (1 child)
Never trust custom packages in `requirements.txt`! Never trust obfuscated JavaScript! This is basic security knowledge.

[-]noyart 4 points 10 hours ago (0 children)
I wish i knew basic security , but Im only a windows defender kind of guy =(

[-]CeFurkan 2 points 7 hours ago (0 children)
it sucks that there is no VM that supports bare metal GPU access. so none of the VMs work for this purpose.
only way is docker and it is way cumbersome to compile and use

[-]EricRollei 1 point 15 hours ago (6 children)
How does this virus grab your browser passwords? That's frightening that it could be that easy

[-]_roblaughter_[S] 3 points 15 hours ago (5 children)
Because it's running locally, it has full access to your file system. This script looped through all of the possible browsers, copied the user data from their databases, extracted the decryption key, and packaged it all up to send to bad people. It's kind of appalling that it would be that easy, but that's what we get for running code willy nilly, I suppose.

[-]EricRollei 1 point 14 hours ago (1 child)
Yeah really scary. What would I look for before downloading code from GitHub to avoid this?

[-]DrakenZA 3 points 13 hours ago (0 children)
You cant really. Cause the code of the repo is fine. What they have done, is created a 'fake' openAI pkg that has nasty code in it. So the only thing in the repo that would look off, is that its trying to get the python lib for OpenAI, for a version that is compromised.

[-]2roK 1 point 13 hours ago (1 child)
What if I use a password manager like bitwarden?

[-]guajojo 1 point 8 hours ago (0 children)
Would running firefox protect me from this? What measure could I take to prevent any program in the future from stealing the DB of my browser?

[-]Banksie123 1 point 13 hours ago (0 children)
Thank you so much for sharing this.

[-]IntelligentRub9921 1 point 13 hours ago* (2 children)
Thank you so much for reporting this and sorry to hear you've been affected. I checked for the files, and as far as I can tell, I can't find any from the first step. From the second step, I have 'openai-1.30.1.dist-info'. Am I safe since it's an older version?
Edit: Also don't have the things mentioned in the third step.

[-]Silly_Goose6714 2 points 4 hours ago (1 child)
It's not about to be older, it's about to be legit

[-]IntelligentRub9921 1 point 4 hours ago (0 children)
Thank you. I can't find any of the mentioned files so I think I'm safe.

[-]scottdetweiler 1 point 11 hours ago (2 children)
Someone should contact discord as well and that server can be disabled as that's against their TOS.

[-]_roblaughter_[S] 4 points 11 hours ago (1 child)
I already have.

[-]scottdetweiler 2 points 11 hours ago (0 children)
Thank you! You kicked some ass on this! You saved people from a lot of pain.

[-]notimeforthatstuff 1 point 11 hours ago (0 children)
I'm pulling mine from stability AI, hopefully they aren't compromised

[-]usa_commie 1 point 10 hours ago (0 children)
Nice work

[-]WASasquatch 1 point 6 hours ago (1 child)
I'm not the best with docker, but just curious. Won't most people setup docker with host driven assets to persist them, this create vulnerability exploits that lead to the host?
Wouldn't they actually have to create a static image, or services to side load assets?

[-]sahil1572 2 points 5 hours ago (0 children)
it does but those script are executed only on guest , except some autorun .exe files on windows , but now a days most of the autorun got eliminated by antivirus systems

[-]NoYogurtcloset4090 1 point 6 hours ago (0 children)
FK

[-]Extraltodeus 1 point 4 hours ago (0 children)
the repository got deleted, which package name was it?

[-]AnomalyNexus 1 point 2 hours ago (1 child)
You should really just nuke the entire OS if it is known to be compromised. Even after removing the files you can't really know what else was tweaked to weaken the OS security or facilitate re-infection

[-]_roblaughter_[S] 4 points 2 hours ago (0 children)
Given that I had access to the source code, I do know exactly what was compromised here. This wasn't exactly the work of a genius. Just a script kiddie that snuck something into a node.
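
The check suggested in the thread (scan requirements.txt for URLs and warn before an install or update), sketched as a stand-alone script. This is an added example, not ComfyUI-Manager's code or anything posted by a commenter; the function names are hypothetical, and the sample file and its example.invalid URLs are constructed, modelled on the two wheel lines quoted in the thread.

```python
"""Flag requirements.txt entries that pull packages from outside the index."""
import re
import sys
from pathlib import Path, PurePosixPath
from typing import NamedTuple
from urllib.parse import urlparse

# pip options that change where packages are fetched from.
INDEX_OPTIONS = ("--index-url", "-i", "--extra-index-url", "--find-links", "-f")
URL_RE = re.compile(r"^(?:(?:git|hg|svn|bzr)\+)?(?:https?|ssh|ftp|file)://", re.I)
# PEP 508 direct reference: "name @ url"
DIRECT_REF_RE = re.compile(r"^[A-Za-z0-9._\-\[\],]+\s*@\s*(\S+)")
# Wheel file names: name-version(-build)?-pytag-abitag-platform.whl
WHEEL_RE = re.compile(
    r"^(?P<name>[^-]+)-(?P<version>[^-]+)(?:-[^-]+)?-[^-]+-[^-]+-[^-]+\.whl$")

# Constructed sample (hosts are placeholders; wheel file names as quoted in the thread).
SAMPLE = """\
# constructed sample
numpy>=1.24
requests==2.31.0  # ordinary pinned requirement
https://example.invalid/Backup-Anthropic-Builds/raw/main/anthropic-0.26.1-py3-none-any.whl #Custom wheel cuz buggy
https://example.invalid/Backup-OpenAI-Builds/raw/main/openai-1.30.2-py3-none-any.whl #Also Custom wheel cuz buggy
somepkg @ git+https://example.invalid/someone/somepkg.git@main
--extra-index-url https://example.invalid/simple
"""


class Finding(NamedTuple):
    file: str
    line_no: int
    kind: str     # direct-url, direct-reference, index-override, editable, local-path
    target: str   # URL or path the installer would fetch
    claims: str   # "name==version" taken from a wheel file name, else ""


def logical_lines(text):
    """Yield (line_no, line) with comments removed and backslash continuations joined."""
    buf, start = "", 0
    for no, raw in enumerate(text.splitlines(), 1):
        if not buf:
            start = no
        if raw.rstrip().endswith("\\"):
            buf += raw.rstrip()[:-1] + " "
            continue
        # '#' starts a comment only at line start or after whitespace (keeps #egg= fragments).
        line = re.sub(r"(^|\s)#.*$", "", buf + raw).strip()
        buf = ""
        if line:
            yield start, line
    if buf.strip():
        yield start, buf.strip()


def classify(line):
    """Return (kind, target) for an entry that bypasses the index, else None."""
    parts = line.split()
    first = parts[0]
    opt, _, value = first.partition("=")
    if opt in INDEX_OPTIONS:
        return "index-override", value or (parts[1] if len(parts) > 1 else "")
    if first in ("-e", "--editable"):
        return "editable", parts[1] if len(parts) > 1 else ""
    if URL_RE.match(first):
        return "direct-url", first
    m = DIRECT_REF_RE.match(line)
    if m:
        return "direct-reference", m.group(1)
    if first.endswith(".whl") or first.startswith(("./", "../", "/")):
        return "local-path", first
    return None


def wheel_claim(target):
    """If target names a wheel file, return the project and version it presents itself as."""
    m = WHEEL_RE.match(PurePosixPath(urlparse(target).path).name)
    return f"{m['name']}=={m['version']}" if m else ""


def scan_text(text, file="<string>"):
    findings = []
    for no, line in logical_lines(text):
        hit = classify(line)
        if hit:
            kind, target = hit
            findings.append(Finding(file, no, kind, target, wheel_claim(target)))
    return findings


def scan_tree(root):
    """Scan every requirements*.txt under root, e.g. a custom_nodes directory."""
    findings = []
    for path in sorted(Path(root).rglob("requirements*.txt")):
        findings += scan_text(path.read_text(encoding="utf-8", errors="replace"), str(path))
    return findings


if __name__ == "__main__":
    hits = scan_tree(sys.argv[1]) if len(sys.argv) > 1 else scan_text(SAMPLE, "SAMPLE")
    for f in hits:
        note = f" (file name claims {f.claims})" if f.claims else ""
        print(f"{f.file}:{f.line_no}: {f.kind}: {f.target}{note}")
    sys.exit(1 if hits else 0)
```

A clean result only means the requirements files fetch nothing from outside the index; as noted in the thread, nodes can also call pip install from their own code, which this check does not see.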