A man from California has found guilty guilty of hacking a Walt Disney company employee by misleading the person to run an evil version of a commonly used open source AI image generation -tool.
Ryan Mitchell Kramer, 25, argued guilty of one census of access to a computer and gaining information and one counting of threatening to damage a protected computer, said the American lawyer for the central district of California on Monday. In a pleid we said, Kramer said that he published an app on Github for making AI-generated art. The program contained malignant code that gave access to computers that installed it. Kramer operated using the name Nullbulge.
Not the comfyui you are looking for
According to researchers from VPNmentor, the program that Kramer used used Comfyui_Llmvision, which claimed to be an expansion for the legitimate Comfyui image generator and had functions that were added to copying passwords, payment card data and other sensitive information of machines that installed it. The fake extension then sent the data to a Discord server that Kramer operated. To better hide the malignant code, it was folded in files that the Names Openai and Anthropic used.
Two files automatically downloaded by Comfyui_LLMVision, as shown by a Python package manager of a user.
Credit: VPNmentor
The Disney employee downloaded Comfyui_Llmvision in April 2024. After gaining unauthorized access to the computer and online accounts of the victim, Kramer has access to private Disney Slack channels. In May he downloaded approximately 1.1 terabytes of confidential data from thousands of channels.
At the beginning of July, Kramer contacted the employee and presented himself as a member of a Hacktivist group. Later that month, after he had not received an answer from the employee, Kramer publicly published the stolen information, which, in addition to private Disney material, also included the employee's bank, medical and personal information.
In the Pleidooi agreement, Kramer admitted that two other victims had installed Comfyui_Llmvision, and he also had unauthorized access to their computers and accounts. The FBI is investigating. Kramer is expected to appear his first court in the coming weeks.
