A California man has pleaded responsible to hacking an worker of The Walt Disney Firm by tricking the individual into working a malicious model of a extensively used open supply AI picture technology device.
Ryan Mitchell Kramer, 25, pleaded responsible to 1 depend of accessing a pc and acquiring info and one depend of threatening to wreck a protected pc, the US Lawyer for the Central District of California stated Monday. In a plea settlement, Kramer stated he revealed an app on GitHub for creating AI-generated artwork. This system contained malicious code that gave entry to computer systems that put in it. Kramer operated utilizing the moniker NullBulge.
Not the ComfyUI you’re searching for
In keeping with researchers at VPNMentor, this system Kramer used was ComfyUI_LLMVISION, which presupposed to be an extension for the authentic ComfyUI picture generator and had capabilities added to it for copying passwords, fee card knowledge, and different delicate info from machines that put in it. The faux extension then despatched the info to a Discord server that Kramer operated. To higher disguise the malicious code, it was folded into recordsdata that used the names OpenAI and Anthropic.
Two recordsdata mechanically downloaded by ComfyUI_LLMVISION, as displayed by a consumer’s Python package deal supervisor.
Credit score:
VPNMentor
The Disney worker downloaded ComfyUI_LLMVISION in April 2024. After gaining unauthorized entry to the sufferer’s pc and on-line accounts, Kramer accessed personal Disney Slack channels. In Might, he downloaded roughly 1.1 terabytes of confidential knowledge from 1000’s of the channels.
In early July, Kramer contacted the worker and pretended to be a member of a hacktivist group. Later that month, after receiving no reply from the worker, Kramer publicly launched the stolen info, which, apart from personal Disney materials, additionally included the worker’s financial institution, medical, and private info.
Within the plea settlement, Kramer admitted that two different victims had put in ComfyUI_LLMVISION, and he gained unauthorized entry to their computer systems and accounts as nicely. The FBI is investigating. Kramer is predicted to make his first court docket look within the coming weeks.
