Summary

Between October 17th and 19th, 2024, a malicious actor uploaded two node packs to the Comfy Registry containing the malware. Following a flag from an automated security scanner and manual review by the Registry team, the malicious versions were banned on October 21st. Before the ban was implemented, these nodes were downloaded a total of 790 times.

The Timeline of Events

• Oct 17 – Oct 19, 2025: Two node packs were published to the registry by the user lonemilk:

  • lonemilk-upscalernew-4k

  • upscaler-4k

• Oct 19, 2025: A third, similar-sounding pack (ComfyUI-Upscaler-4K) was created by user eliseiborisov.

• Oct 21, 2025, 5:00 PM PST: An internal security scanner flagged suspicious code patterns in the lonemilk packages.

• Oct 21, 2025, evening: Registry maintainer Dr.Lt.Data reviewed the code and confirmed the malware.

• Oct 21, 2025: All published versions of the malicious nodes were banned from the Comfy Node Registry (CNR).

Here is a screenshot showing the node packs banned in our database