A group of hackers created a generative artificial intelligence (AI) image generator add-on called Stable Diffusion, uploaded it to Github, and infected the computers of several image generator users with it – Writes 404 Media.
The hackers claim that this is a protest against the exploitation of digital artists because they believe that “works produced by artificial intelligence are harmful to the creative industries and therefore should not be supported.”
The attackers did not specifically infect Stable Diffusion, but rather the popular free add-on ComfyUI, which allows users to use the image builder with a simpler interface. The attackers tampered with an add-on called ComfyUI_LLMVISION, which is useful for integrating large language models called GPT-4 and Claude 3 into the user interface.
The ComfyUI page is currently unavailable on Github, but before it was taken down, it was said to have been hacked by a team called Nullbulge Group.
“Maybe take a look at us and maybe think twice before issuing AI assets on such a poorly secured account.”
I stood on the page. The hackers wrote that they made their way into the add-on months ago, even before its creator uploaded it to Github.
Through the tampered add-on, hackers were able to access users' login data. Someone wrote about it on Reddit, but Nullbulge also announced on its own page that it had obtained the passwords of hundreds of users.
the It's called VPNMentor According to the VPN provider's analysis, the add-on is also capable of stealing crypto wallets, taking a snapshot of the user's screen, extracting device data and IP address, and stealing files that contain certain codewords or extensions in their names.
The currently unavailable Nullbulge page has an “About Us” section, which states that the team is a group of individuals who care about protecting the rights of artists, as well as ensuring that artists are properly compensated for their work. There was also a “FAQ” section on the site that looked like this:
“You hacked me/we/my website! Why?
We are sorry we did this to you, but we only resort to such things when you commit one of our sins.Art theft
Crypto promotion
Work created by artificial intelligence
Stealing from Patreon or other sites that support artists
“All other forms of stealing from artists.”
404 Media points out that other than that, there's no proof that they're truly rights-defending pirates, or that they only pretend to really care about creators' rights, but they enthusiastically attack anyone online anyway.