Sneaky Crypto Mining Attack in ComfyUI Custom Nodes

Posted on December 6, 2024 - ComfyUI

G'day! I recently stumbled upon something pretty scary while making AI art with ComfyUI, and I reckon you should know about it. Someone tried to use my computer to mine cryptocurrency without asking! Let me tell you what happened and how to keep yourself safe.

The Day I Discovered Something Fishy 🕵️

I was just minding my own business, playing around with ComfyUI to create some cool AI art. You know how it goes - installing extensions to get more features. But then my computer started acting proper weird. The fan was going mental, and everything was running slow as molasses.

After some digging (and a lot of head-scratching), I found the culprit hiding in a package called Ultralytics. It was being super sneaky, using my computer to mine crypto without even asking! The nerve of some people, right?

Here's what this cheeky program was up to:

  • Hiding in a legitimate-looking package
  • Running secret mining operations
  • Trying to connect to dodgy websites
  • Covering its tracks like a proper criminal

How These Sneaky Miners Work 🦊

Think of it like someone sneaking into your house and using your electricity to run their business - but on your computer! These crypto miners are proper clever about it too. They hide in normal-looking software that you install willingly.

The one I found was tucked away in something called the ComfyUI-Impact-Pack. When you install it, it brings along this dodgy Ultralytics package that's been tampered with. It's like ordering a pizza and getting an unwanted side of trouble!

Warning Signs That Something's Not Right 🚩

Keep your eyes peeled for these tell-tale signs:

  • Your computer's running hot enough to fry an egg
  • Everything's moving slower than a tortoise in treacle
  • Fan's making more noise than a vacuum cleaner
  • High CPU or GPU usage when you're not doing much
  • Strange network connections you didn't ask for

Protecting Your Computer from These Sneaky Blighters 🛡️

Here's what you can do to keep safe:

  1. Only download extensions from trusted sources
  2. Keep your antivirus up to date
  3. Check what's running on your computer regularly
  4. Be suspicious if things start running slowly
  5. Use a proper firewall

What to Do If You've Been Affected 🆘

Found something suspicious? Don't panic! Here's your action plan:

  1. Uninstall the dodgy software:

       pip uninstall ultralytics ultralytics-thop

  2. Remove any suspicious extensions (in my case, the ComfyUI-Impact-Pack)

  3. Run a proper virus scan

  4. Check your computer's not still trying to connect to any weird websites
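
If you'd rather check before uninstalling, here is a small audit script (an added example, not code from ComfyUI or any extension). It reports whether the two packages named in the uninstall command are installed in a given Python environment, and which custom node folders ask pip for them. The folder layout (a requirements.txt inside each custom node folder) and the paths you pass in are assumptions, and finding the package only tells you where to look, not that your copy is the tampered one.

```python
import re
import sys
from importlib import metadata
from pathlib import Path

# Package names taken from the uninstall command in this post.
FLAGGED = {"ultralytics", "ultralytics-thop"}

def normalize(name):
    """PEP 503 normalisation, so 'Ultralytics_THOP' matches 'ultralytics-thop'."""
    return re.sub(r"[-_.]+", "-", name).lower()

def installed_flagged(site_packages):
    """Return {name: version} for flagged packages installed in one site-packages dir."""
    found = {}
    for dist in metadata.distributions(path=[str(site_packages)]):
        name = normalize(dist.metadata["Name"] or "")
        if name in FLAGGED:
            found[name] = dist.version
    return found

def nodes_requiring_flagged(custom_nodes):
    """Return {node folder: [requirement lines]} for nodes that ask pip for a flagged package."""
    hits = {}
    for req in sorted(Path(custom_nodes).glob("*/requirements.txt")):
        text = req.read_text(encoding="utf-8", errors="replace")
        for raw in text.splitlines():
            line = raw.split("#", 1)[0].strip()  # drop comments
            # Leading project name only; '-r file' and '-e path' lines never match.
            m = re.match(r"[A-Za-z0-9][A-Za-z0-9._-]*", line)
            if m and normalize(m.group(0)) in FLAGGED:
                hits.setdefault(req.parent.name, []).append(line)
    return hits

if __name__ == "__main__":
    # Usage (both paths are yours): python audit.py <site-packages dir> <ComfyUI custom_nodes dir>
    site_packages, custom_nodes = sys.argv[1], sys.argv[2]
    for name, version in installed_flagged(site_packages).items():
        print(f"installed: {name} {version}")
    for node, lines in nodes_requiring_flagged(custom_nodes).items():
        print(f"{node} requires: {', '.join(lines)}")
```

Point it at the site-packages folder of the Python that actually runs ComfyUI (a portable install or virtual environment has its own), not just your system Python.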

Frequently Asked Questions 🤔

Q: How do I know if I've got this specific mining problem?
A: Check if you've got the ComfyUI-Impact-Pack installed and look for unusual CPU/GPU usage.

Q: Will uninstalling the software fix everything?
A: Usually yes, but it's best to run a full virus scan just to be sure.

Q: Can this damage my computer?
A: It might wear out your hardware faster if left running for ages.

Q: Should I stop using ComfyUI?
A: Nah, just be careful about which extensions you install.