A California man has pleaded guilty to hacking a Disney employee by tricking them into running a malicious open source AI image generator tool.
Ryan Mitchell Kramer, 25, pleaded guilty to two counts of accessing computers and obtaining data and one count of threatening damage to a protected computer, the US Attorney for the Central District of California said Monday. Kramer admitted in a plea deal that he had published an app for AI-generated art on GitHub. The program was infected with malicious code that gave access to the computers that had installed it. Kramer operated under the name NullBulge.
This is not the ComfyUI that you are looking for
Researchers at VPNMentor have confirmed that Kramer used ComfyUI_LLMVISION, a program that purported to be a legitimate extension for the ComfyUI image generator. It had functions added for copying passwords and payment card data from the machines where it was installed. The fake extension sent the data directly to Kramer’s Discord server. To better disguise the malicious code, it was folded into files with the names OpenAI or Anthropic.
Two files automatically downloaded by ComfyUI_LLMVISION, as displayed by the user’s Python package manager. Source: VPNMentor.
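A defensive check for the disguise described above, as an added example that is not from the original article, VPNMentor or the ComfyUI project: it scans a directory for files or archives whose names contain openai or anthropic and flags any whose contents reference a Discord webhook endpoint. The watched names come from the article; the webhook URL pattern, the function names and the sample files are assumptions constructed for illustration.

```python
import re
import tempfile
import zipfile
from pathlib import Path

# Names the article says the malicious files borrowed.
WATCHED = ("openai", "anthropic")
# Assumption: exfiltration to Discord appears as a webhook API URL in the code.
DISCORD = re.compile(rb"discord(?:app)?\.com/api/(?:v\d+/)?webhooks", re.I)

def _blobs(path):
    """Yield (label, bytes) for a file, or for each member of a zip/wheel."""
    if zipfile.is_zipfile(path):
        with zipfile.ZipFile(path) as zf:
            for info in zf.infolist():
                if not info.is_dir():
                    yield f"{path.name}!{info.filename}", zf.read(info)
    else:
        yield path.name, path.read_bytes()

def scan(root):
    """Return sorted labels of watched-name content that references Discord."""
    hits = []
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix().lower()
        if not any(name in rel for name in WATCHED):
            continue  # only inspect files posing under the watched names
        for label, data in _blobs(path):
            if DISCORD.search(data):
                hits.append(label)
    return sorted(hits)

def build_sample(root):
    """Constructed sample tree: a clean file, a flagged wheel, an unrelated file."""
    root = Path(root)
    (root / "openai_client.py").write_text("import json\n")
    with zipfile.ZipFile(root / "anthropic-0.0.0-py3-none-any.whl", "w") as zf:
        zf.writestr("anthropic/__init__.py",
                    "URL = 'https://discord.com/api/webhooks/0/PLACEHOLDER'\n")
        zf.writestr("anthropic/util.py", "x = 1\n")
    (root / "notes.txt").write_text("discord.com/api/webhooks in unrelated docs\n")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        print(scan(build_sample(d)))
```

A hit is a lead for manual review, not proof of compromise, since legitimate code can also post to Discord.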
A Disney employee downloaded ComfyUI_LLMVISION on April 20, 2024. Kramer gained unauthorized access to the victim’s computer and, after that, to the victim’s online accounts and a private Disney Slack channel. In May, Kramer downloaded 1.1 terabytes of confidential data from thousands of channels.
Kramer contacted the employee in early July and pretended to belong to a hacktivist organization. Later that month, after receiving no response from the employee, Kramer released the stolen data, which included, besides private Disney materials, the employee’s personal, medical and bank information.
Kramer admitted in his plea agreement that two other victims had installed ComfyUI_LLMVISION and that he had gained unauthorized access to their computers and accounts. The FBI is conducting an investigation. Kramer’s first court appearance is expected in the next few weeks.