vladmandic / automatic

SD.Next: Advanced Implementation of Stable Diffusion and other Diffusion-based generative image models
https://github.com/vladmandic/automatic
GNU Affero General Public License v3.0
5.49k stars 400 forks

[Issue]: Huge Security concern #3365

Closed ForsakenTwilight closed 1 month ago

ForsakenTwilight commented 1 month ago

Issue Description

My crypto was stolen just one day after I installed Vladmandic, not sure how it happened.

But when it was first installed I got an AV prompt, which I thought was a false positive, but apparently I was wrong. Never trusting any of you again, and this was already reported to the feds. I know nothing will come out of it, but hopefully enough people report it.

Version Platform Description

No response

Relevant log output

No response

Backend

Diffusers

UI

Standard

Branch

Master

Model

StableDiffusion 1.5

Acknowledgements

vladmandic commented 1 month ago

sdnext does not include ANY binaries or compiled code and entire source code is here on GitHub where anyone can see it.

If you have any more information other than a wild claim, I'd be happy to investigate further.

Also, you posted the same thing in multiple places which is not allowed, but given the severity of the claim I'll allow the exception - if you can provide any proof to the claim.

ForsakenTwilight commented 1 month ago

I really don't know what to tell you. All I can say is, I downloaded this and configured it on July 27, during which I got an AV prompt from Microsoft Windows Security, which I allowed on my computer back then, as this was supposed to be "safe" (now I know it's not) and it should be merely a false positive (granted I was using Vlad Diffusion before this without issues). The next day, on July 28, all my crypto was gone (completely emptied from my wallet). My crypto had been sitting in that wallet for years, and the only difference was installing vladmandic.

This is the gist of what happened.

vladmandic commented 1 month ago

let's start from the beginning - you downloaded what (actual URL) and how? sdnext is typically installed by running git clone, not by downloading anything.

ForsakenTwilight commented 1 month ago

I used the step-by-step installation guide.

This was the link I used to clone it: "git clone https://github.com/vladmandic/automatic"

Then I ran it using this: "webui.bat --debug"

ForsakenTwilight commented 1 month ago

I remember right after doing this I got a flag from the AV.

vladmandic commented 1 month ago

those are the correct steps and I've never heard of an AV warning there, nor does it install any hidden or non-standard binary - the entire code base and its libraries are fully documented.

I suggest checking your Windows event log and back-tracing all the events.

at the very least, the AV warning you mentioned should still be logged on your system.

btw, you're the first that ever reported anything like this and there are tens of thousands of users. I'm not dismissing the claim, but it does need some proof.

Also, crypto was stolen from where? I haven't seen a crypto wallet or an online account without a passcode/pin.
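The advice above is to check the Windows event log for the AV warning and back-trace events. The following is an added example, not part of the thread and not SD.Next's own code: a PowerShell snippet a defender could run on a Windows 10/11 machine with Microsoft Defender to pull the detection and remediation events for the incident window, export the raw log before wiping the system, and check whether the local git clone still matches upstream. The dates and the clone path are placeholders.

```powershell
# Added example (not from the thread or the SD.Next project).
# Assumes Windows 10/11 with Microsoft Defender and git on PATH.
# The dates and clone path below are placeholders for the incident window.

$Start = Get-Date '2024-07-27'   # placeholder: day the software was installed
$End   = Get-Date '2024-07-29'   # placeholder: day after the theft was noticed

# Defender Operational log event IDs:
#   1116 = malware or PUA detected
#   1117 = remediation action taken (quarantine, remove, allow)
#   5007 = Defender configuration changed (e.g. an exclusion was added)
$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = 1116, 1117, 5007
    StartTime = $Start
    EndTime   = $End
} -ErrorAction SilentlyContinue

# One line per event: time, ID and the first line of the message.
foreach ($e in $events) {
    [pscustomobject]@{
        Time    = $e.TimeCreated
        Id      = $e.Id
        Message = ($e.Message -split "`n")[0]
    }
}

# Detection detail (threat ID, triggering process, affected files, outcome)
# from the Defender cmdlets, limited to the same window.
Get-MpThreatDetection |
    Where-Object { $_.InitialDetectionTime -ge $Start -and $_.InitialDetectionTime -le $End } |
    Select-Object InitialDetectionTime, ThreatID, ProcessName, Resources, ActionSuccess

# Export the raw log so an investigator can read it after the OS is reinstalled.
wevtutil epl 'Microsoft-Windows-Windows Defender/Operational' `
    "$env:USERPROFILE\Desktop\defender-operational.evtx"

# Provenance of the clone: any unknown remote, local modification or a HEAD
# that does not match origin/master is a lead worth following up.
Set-Location "$env:USERPROFILE\automatic"   # placeholder: path of the git clone
git remote -v
git fetch origin
git status --porcelain             # empty output means no local modifications
git rev-parse HEAD origin/master   # the two hashes should be identical
```

The export step matters most: once the system is reinstalled, as happened later in this thread, the Defender log and the detection history are gone and the claim can no longer be checked either way.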

ForsakenTwilight commented 1 month ago

I had to nuke my windows installation shortly after, as it was compromised, and I did not want to take any more chances. So the installation was reset. I understand that I may be the first here, but I have seen many people submit reports on Reddit to malicious webui.bat, granted it may or may not have been this fork of Stable Diffusion, it could have been any of them. But for me, I was able to narrow it down because this is literally the only change I have made to my system, and it was only one day prior to the theft happening.

> Also, crypto was stolen from where? I haven't seen a crypto wallet or an online account without a passcode/pin.

Lol no, imagine an online account without a pin. That would be quite something. It was stolen from Exodus wallet; this kind of wallet is usually installed directly on the device (PC, mobile, etc.).

brknsoul commented 1 month ago

There was an issue a week or so ago where a malicious actor edited some wiki entries, adding an exe "installer". The wiki has since been locked down.

vladmandic commented 1 month ago

> There was an issue a week or so ago where a malicious actor edited some wiki entries, adding an exe "installer". The wiki has since been locked down.

user claims he used standard git clone, not installer.

vladmandic commented 1 month ago

I wish you had at least saved the event log. As it is, all there is is a wild claim without anything to go on.

I do believe you were compromised, but also note that the majority of trojans act with a delay, so your deduction may not be accurate.

Bercraft commented 1 month ago

You can at least trace the crypto movements... but if they stole them, now they are gone... Change every password you have; you might have downloaded a malicious remote control tool, so the hackers now might have access to every device in your network... the infection might have spread... If that's the case, "There was an issue a week or so ago where a malicious actor edited some wiki entries, adding an exe "installer". The wiki has since been locked down." Well, my friend, you were unlucky.

vladmandic commented 1 month ago

closing as no further investigation is possible since the author reinstalled the system - there are no logs available. If any further information becomes available, please update here and I'll reopen the issue as needed.

ForsakenTwilight commented 1 month ago

> There was an issue a week or so ago where a malicious actor edited some wiki entries, adding an exe "installer". The wiki has since been locked down.

I did not use any exe.

> There was an issue a week or so ago where a malicious actor edited some wiki entries, adding an exe "installer". The wiki has since been locked down.
>
> user claims he used standard git clone, not installer.

Yes, a git clone was used.

> I wish you had at least saved the event log. As it is, all there is is a wild claim without anything to go on.
>
> I do believe you were compromised, but also note that the majority of trojans act with a delay, so your deduction may not be accurate.

Exodus asked me to gather the wallet safe logs, which I did and sent to them.

> You can at least trace the crypto movements... but if they stole them, now they are gone... Change every password you have; you might have downloaded a malicious remote control tool, so the hackers now might have access to every device in your network... the infection might have spread... If that's the case, "There was an issue a week or so ago where a malicious actor edited some wiki entries, adding an exe "installer". The wiki has since been locked down." Well, my friend, you were unlucky.

You're talking about him possibly having control of every device on my network. But I have since set up NordVPN and Malwarebytes on all my devices, both paid options. I am not sure if that's sufficient; do you have any other suggestions I might be able to use to safeguard myself?

Bercraft commented 1 month ago

Give me an e-mail to contact you, or we pollute the sdnext GitHub issue.

vladmandic commented 1 month ago

feel free to continue using this thread if you want.

Bercraft commented 4 weeks ago

Firstly, download the ESET free scanner and do a scan of the system to find possible hidden things: https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner_enu.exe. Then look for strange mails in your inbox, DO NOT OPEN THEM. Look at your Google activity to find strange things; if on macOS use the analog. Other than this the question is too complicated; maybe ask one of your friends if he is tech savvy. Hope it helps.

ForsakenTwilight commented 4 weeks ago

> Give me an e-mail to contact you, or we pollute the sdnext GitHub issue.

I will give you a secondary email as I don't want to risk some malicious third party seeing my main email. You can contact me on deforsakenx@gmail.com

> Firstly, download the ESET free scanner and do a scan of the system to find possible hidden things: https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner_enu.exe. Then look for strange mails in your inbox, DO NOT OPEN THEM. Look at your Google activity to find strange things; if on macOS use the analog. Other than this the question is too complicated; maybe ask one of your friends if he is tech savvy. Hope it helps.

I have a Malwarebytes Premium subscription as well as NordVPN with Threat Protection Pro + web protection and vulnerability protection.