Beware of AI Pickpockets: Pickai Backdoor Spreading Through ComfyUI Vulnerability
NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY :
A new backdoor named Pickai is exploiting ComfyUI vulnerabilities to spread and steal sensitive AI data. Developed in C++, Pickai offers remote command execution and reverse shell capabilities with strong persistence and evasion techniques. It uses multiple C2 servers for redundancy and has infected nearly 700 devices globally. The malware is hosted on Rubick.ai, an AI e-commerce platform serving major brands, posing significant supply chain risks. Pickai employs various obfuscation methods, including string encryption, process disguise, and multiple persistence mechanisms. Its network communication uses a three-tier timing strategy for C2 communication and device information reporting.
OPENCTI LABELS :
backdoor,c2,vulnerability,evasion,supply chain attack,persistence,pickai,comfyui,ai data theft