Scam Email Targets ComfyUI Extension Developers with Malicious npm Package ‘runaic/aic’
English summary
A ComfyUI extension developer reported receiving a scam email designed to trick recipients into installing a malicious npm package or executing a shell script via `curl | sh`. The package, named ‘runaic/aic’, likely aims to steal GitHub and ComfyUI Registry credentials and inject harmful code into extensions, which could compromise ComfyUI users. The developer warns that the small, targeted attack helps bypass spam detection and urges the community to report the package and remain vigilant against such social engineering threats.
Chinese summary
一位 ComfyUI 扩展开发者报告收到了一封诈骗邮件,该邮件诱导收件人通过 `curl | sh` 安装恶意 npm 包或执行脚本。该恶意包名为 ‘runaic/aic’,很可能用于窃取 GitHub 和 ComfyUI Registry 凭证,并向扩展中注入有害代码,从而危及 ComfyUI 用户。开发者警告说,这种精确定向的攻击容易绕过垃圾邮件检测,呼吁社区举报该包并对此类社工攻击保持警惕。
Key points
A scam email targeting ComfyUI extension developers tries to trick them into running `curl | sh` or installing an npm package.
一封诈骗邮件针对 ComfyUI 扩展开发者,试图诱骗他们运行 `curl | sh` 或安装 npm 包。
The malicious npm package is named ‘runaic/aic’ and is intended to steal credentials (GitHub, ComfyUI Registry) and inject malicious code into extensions.
恶意 npm 包名为 ‘runaic/aic’,目的是窃取凭证(GitHub、ComfyUI Registry)并向扩展注入恶意代码。
If successful, the attack could harm the broader ComfyUI user base by distributing compromised extensions.
一旦得逞,攻击可能通过分发被感染的扩展危害整个 ComfyUI 用户群。
The developer warns that small, targeted campaigns can evade spam filters and urges reporting and caution.
开发者警告,小范围定向攻击易于逃避垃圾邮件过滤,呼吁举报并保持警惕。