
[PSA] NullBulge malware/ransomware

News

A group named "NullBulge" at nullbulge(dot)com (wouldn't click without vpn) is spreading malware/ransomware through fake leaked BeamNG mods, random AI stuff such as ComfyUI nodes, and who knows what else. Careful about what you're downloading and check through the code for anything obfuscated or malicious before actually running it. This goes for even the well-known stuff since they claim to be "hacking" accounts of tool/script creators.

An example of an attack they have recently done that includes AI stuff is the recent ComfyUI LLMVISION incident. They claimed responsibility on their website and GitHub, along with leaking roblaughter's passwords. It's obviously their account though, as they use the alias for malware on other sites.

They usually host their payloads on pixeldrain.com so you could modify your hosts file to block the pixeldrain domain (C:\Windows\System32\etc\hosts)

Add to the end of the file "127.0.0.1 pixeldrain.com" to block out pixeldrain downloads (I wouldn't count on this to 100% save you)

EDIT: NullBulge(dot)com seems to have been (temporarily?) taken down by their domain provider!
Archive of their site if you're curious https://web.archive.org/web/20240610173703/http://nullbulge.com
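As an added example (not part of the original post and not code from any ComfyUI project), here is one way to do the "check through the code" step on a downloaded custom node before running it. The lists of call names and the `SAMPLE` snippet are constructed assumptions; the only page-sourced indicator is the pixeldrain.com host, and a clean result from these heuristics does not show a node is safe.

```python
import ast
import re
from pathlib import Path

WATCHED_HOSTS = ("pixeldrain.com",)  # payload host named in the post
DYNAMIC_CALLS = {"exec", "eval", "compile", "__import__"}  # illustrative list
DECODERS = {"b64decode", "a85decode", "fromhex", "decompress"}  # illustrative list
BLOB = re.compile(r"[A-Za-z0-9+/=\s]{200,}")  # long base64-looking literal

# Constructed sample of the pattern to look for; it is only parsed, never run.
SAMPLE = (
    "import base64\n"
    "payload_url = 'https://pixeldrain.com/PLACEHOLDER'\n"
    "exec(base64.b64decode(blob))\n"
)


def scan_source(source, filename="<memory>"):
    """Return sorted (line, reason) findings for one Python source string."""
    try:
        tree = ast.parse(source, filename=filename)
    except (SyntaxError, ValueError) as err:
        return [(getattr(err, "lineno", 0) or 0, "does not parse; review by hand")]
    findings = set()
    for node in ast.walk(tree):
        if isinstance(node, ast.Call):
            # Rightmost name of the call target: base64.b64decode -> b64decode
            name = getattr(node.func, "attr", getattr(node.func, "id", ""))
            if name in DYNAMIC_CALLS:
                findings.add((node.lineno, f"dynamic code execution: {name}()"))
            elif name in DECODERS:
                findings.add((node.lineno, f"decoder call: {name}()"))
        elif isinstance(node, ast.Constant) and isinstance(node.value, (str, bytes)):
            text = node.value if isinstance(node.value, str) else node.value.decode("latin-1")
            if BLOB.fullmatch(text):
                findings.add((node.lineno, "long encoded-looking literal"))
            findings.update((node.lineno, f"reference to {h}")
                            for h in WATCHED_HOSTS if h in text.lower())
    return sorted(findings)


def scan_tree(root):
    """Scan every .py file under root; return {path: findings} for flagged files."""
    report = {}
    for path in sorted(Path(root).rglob("*.py")):
        hits = scan_source(path.read_text(encoding="utf-8", errors="replace"), str(path))
        if hits:
            report[str(path)] = hits
    return report
```

Point `scan_tree()` at the extracted node folder (for example a directory under `custom_nodes`) and read every flagged line by hand before installing.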

u/LD2WDavid

I wouldn't call it a "hacked" script, because the initial commit already has the malware. This was planned since the very beginning.

u/a_beautiful_rhind

Straight luddites:

> We are a collective of individuals who believe in the importance of protecting artists' rights and ensuring fair compensation for their work. Our team consists of passionate advocates, researchers, and activists who are committed to making a difference in the creative community.

Of course it's probably just bullshit and they are crypto scammers.

u/dqUu3QlS

I'm assuming this person is pretending to be a collective of kinky anti-AI furries? It's definitely bullshit.

  • The lion-with-null-bulge artwork on the site is almost definitely AI generated. It is precisely 1024x1024 pixels and has subtle AI generation artifacts.

  • Furries are even more opposed to cryptocurrency than they are to AI. The site even lists "crypto promotion" as a "sin", and yet accepts donations to a Monero address.

  • Anti-AI furries would never use the word 'ret*rd'.

u/a_beautiful_rhind

Yea, the monero addy after crypto "sins" took the cake.

u/Enshitification

I bet it's one guy who lives with his parents. He's butthurt over losing his brony hentai art commissions to AI.

u/a_beautiful_rhind

What these kinds of guys don't get is they aren't entitled to my money. I cut the studios out, I can cut them out too. There's plenty of entertainment out there. You can't make enemies out of your audience. There's a third option between paying and pirating, it's ignoring.

u/GBJI

> There's a third option between paying and pirating, it's ignoring.

Well said! There is a lot of power in NOT doing things. Not paying attention. Not buying. Not going. Not working. Not following orders.

u/Hahinator

The commits on the "LLMVISION" repo do not support this. See the main thread on this: https://old.reddit.com/r/comfyui/comments/1dbls5n/psa_if_youve_used_the_comfyui_llmvision_node_from/l7sxeok/

The malware was in it from initial commit. Can chase rabbit holes which is prob what that kid wants, but owner of repo didn't have his repo taken over as a briefly hosted update said (and linked to this name you mention).

u/Hahinator

He's doing it on some mod forum as well: https://www.modland.net/beamng.drive-mods/cars/bolide-skyrider.html

Stop pushing his bullshit deflection - FBI was alerted and anyone who had their information hacked should definitely file a claim if they haven't.

u/Enshitification

They registered the domain on the 2nd of this month with Tucows. Here is the link to report them and get them shut down.
https://tucowsdomains.com/abuse-form/spam/

u/EmbarrassedHelp (edited)

I think they are using FDCservers.net as their webhost for pixeldrain: https://www.nslookup.io/domains/pixeldrain.com/webservers/. Report them to the PixelDrain staff here: https://pixeldrain.com/abuse

And Leaseweb Canada Inc. as their webhost for the nullbulge site: https://www.nslookup.io/domains/nullbulge.com/webservers/

So make sure to report them to both those services as well.

u/memestar2400

Pixeldrain is a legitimate file hosting website, but do report them to Leaseweb

u/EmbarrassedHelp

Thanks, I updated my comment to point users to PixelDrain's reporting contact system.

u/Hahinator

https://www.modland.net/beamng.drive-mods/cars/bolide-skyrider.html

It's the author - not wtf he tried to write it off as.

[deleted]

Comment deleted by user

u/Enshitification

A different domain than nullbulge.com?

u/ElChabochi

These “activists” are protecting big corpo money. And justifying themselves saying “individuals who believe in the importance of protecting artists”

I don’t see them taking down dall-e or midjourney anytime soon.

u/Hahinator

The user who posted this was behind it 100% - he's actively doing it on a mod forum as well: https://www.modland.net/beamng.drive-mods/cars/bolide-skyrider.html

FBI has been notified so he can deal w/ that.

u/CeFurkan

i wonder if anyone using kaspersky internet security was able to install that malicious code and run? any info on this?

u/nootropicMan

Thanks for the heads up. I added those domains to the block list on my router. For those of you who have an Asus router, go to your Advanced settings -> firewall -> URL filter.

u/cathodeDreams

be sure to block file hosting websites to protect yourselves kiddos

u/memestar2400

bro i just said to block it out for the time being as it's extremely uncommon and being used maliciously. i told you guys to not count on it either😭

It is a good time to try simplewall from henrypp (https://github.com/henrypp/simplewall), because Windows' UI sucks. Have been using it for years.

I configured it to block all connections until I click allow.