GBHackers News reports that at least 695 servers worldwide have been compromised with the Pickai stealer backdoor since March, in attacks that exploited critical vulnerabilities in ComfyUI, the popular artificial intelligence image-generation tool.
According to a report from XLab, the attackers exploited the ComfyUI vulnerabilities to deliver ELF executables disguised as configuration files, which in turn deployed Pickai. The backdoor steals AI-related data, executes remote commands, and opens reverse shells, and it stays hidden through process name impersonation, anti-debugging, and multiple persistence mechanisms. Pickai, which has also been found in the commercial platform Rubrick.ai, uses several command-and-control servers to make its infrastructure more resilient, although its C2 traffic is not encrypted. Given Pickai's capabilities and the lack of a response from Rubrick.ai on the security issue, network administrators have been advised to review their systems thoroughly for any sign of the backdoor.
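Two checks an administrator could run while reviewing a Linux ComfyUI host for the traits described above, as an added example that is not code from the article, XLab, GBHackers or ComfyUI: the first looks for files carrying configuration-file names whose content actually starts with the ELF magic bytes (the dropper disguise), the second flags running processes whose command name mimics a system daemon or kernel thread while the executable sits outside system directories or has been unlinked from disk (a simple heuristic for process name impersonation). The file suffixes, trusted directories and daemon names used here are this example's assumptions, not indicators published in the report.

```python
"""Two review checks for a Linux host running ComfyUI (added example, not code from the report).

1. find_disguised_elf(): files named like configuration files that actually start with
   the ELF magic bytes, the dropper disguise described in the article.
2. suspicious_processes(): processes whose command name mimics a system daemon or
   kernel thread but whose executable lives outside system directories or has been
   unlinked, a simple heuristic for process-name impersonation.

The suffixes, directories and daemon names below are this example's assumptions,
not indicators published by XLab or GBHackers.
"""
from __future__ import annotations

import os
from pathlib import Path

ELF_MAGIC = b"\x7fELF"
CONFIG_SUFFIXES = {".json", ".yaml", ".yml", ".cfg", ".conf", ".ini", ".toml"}  # assumed
# Assumed "normal" homes for system binaries; trailing slash prevents prefix collisions.
TRUSTED_EXE_DIRS = ("/bin/", "/sbin/", "/usr/bin/", "/usr/sbin/",
                    "/usr/lib/", "/usr/lib64/", "/usr/libexec/")
DAEMON_NAMES = {"sshd", "cron", "crond", "systemd", "dbus-daemon", "rsyslogd"}  # assumed
KERNEL_THREAD_PREFIXES = ("kworker", "kthreadd", "ksoftirqd", "migration")      # assumed


def is_elf(head: bytes) -> bool:
    """True when the first bytes carry the ELF magic, whatever the file is named."""
    return head[:4] == ELF_MAGIC


def find_disguised_elf(root: str | os.PathLike) -> list[str]:
    """Return config-named files under root whose content is an ELF binary."""
    hits = []
    for path in Path(root).rglob("*"):
        if not path.is_file() or path.suffix.lower() not in CONFIG_SUFFIXES:
            continue
        try:
            with path.open("rb") as fh:
                head = fh.read(4)
        except OSError:
            continue
        if is_elf(head):
            hits.append(str(path))
    return sorted(hits)


def suspicious_processes(procs: list[dict]) -> list[dict]:
    """procs: dicts with pid, comm (/proc/<pid>/comm) and exe (readlink of /proc/<pid>/exe,
    empty string for kernel threads). Returns flagged entries with the reasons."""
    flagged = []
    for p in procs:
        comm, exe = p["comm"], p["exe"]
        deleted = exe.endswith(" (deleted)")
        real = exe[: -len(" (deleted)")] if deleted else exe
        reasons = []
        if deleted:
            reasons.append("executable has been unlinked from disk")
        if exe and comm.startswith(KERNEL_THREAD_PREFIXES):
            reasons.append("kernel-thread name on a user-space process")
        if exe and comm in DAEMON_NAMES and not real.startswith(TRUSTED_EXE_DIRS):
            reasons.append("system daemon name but executable outside system directories")
        if reasons:
            flagged.append({"pid": p["pid"], "comm": comm, "exe": exe, "reasons": reasons})
    return flagged


def collect_live_processes() -> list[dict]:
    """Read the live process table from /proc (Linux only)."""
    procs = []
    for entry in os.listdir("/proc"):
        if not entry.isdigit():
            continue
        pid = int(entry)
        try:
            comm = Path(f"/proc/{pid}/comm").read_text().strip()
        except OSError:
            continue
        try:
            exe = os.readlink(f"/proc/{pid}/exe")
        except OSError:  # kernel threads, or processes we lack permission to inspect
            exe = ""
        procs.append({"pid": pid, "comm": comm, "exe": exe})
    return procs


def demo() -> dict:
    """Run both checks on constructed sample data: a temporary file tree and a fake process table."""
    import tempfile

    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "models").mkdir()
        (root / "config.json").write_bytes(b'{"model": "sd15"}\n')  # genuine config
        (root / "models" / "settings.yaml").write_bytes(ELF_MAGIC + b"\x02\x01\x01" + b"\x00" * 9)  # ELF in disguise
        (root / "run.sh").write_bytes(b"#!/bin/sh\necho hi\n")  # not a config name, ignored
        elf_hits = [str(Path(h).relative_to(root)) for h in find_disguised_elf(root)]

    procs = [  # constructed process table
        {"pid": 1, "comm": "systemd", "exe": "/usr/lib/systemd/systemd"},
        {"pid": 17, "comm": "kworker/0:1", "exe": ""},
        {"pid": 3001, "comm": "python3", "exe": "/usr/bin/python3.11"},
        {"pid": 4242, "comm": "sshd", "exe": "/tmp/.cache/config.json (deleted)"},
        {"pid": 5150, "comm": "kworker/u8:2", "exe": "/home/comfy/ComfyUI/models/settings.yaml"},
    ]
    return {"disguised_elf": elf_hits, "suspicious": suspicious_processes(procs)}


if __name__ == "__main__":
    print(demo())
```

On a real host, call `find_disguised_elf` on the ComfyUI install and model directories and feed `collect_live_processes()` into `suspicious_processes`; a hit is a lead for manual triage, not proof of Pickai, since the heuristics are deliberately generic.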
Malware, Threat Intelligence, Generative AI
Malware distributed via ComfyUI server exploits
