All news with #blender tag

Wed, December 10, 2025

Malicious Blender 3D Model Files Spread Infostealer

⚠️ Researchers observed threat actors distributing the StealC V2 infostealer hidden inside free .blend files on marketplaces like CGTrader. When Blender’s Auto Run Python Scripts setting is enabled, opening these models executes embedded Python that fetches a loader via Cloudflare Workers and runs a PowerShell chain to deploy payloads. The campaign exfiltrated browser and wallet data and abused a UAC bypass. Disable autorun and restrict unvetted tools.

Tue, November 25, 2025

Blender .blend Files Weaponized to Deliver StealC V2

🛡️ Cybersecurity researchers disclosed a campaign that leverages Blender .blend files hosted on public asset sites to deliver the information stealer StealC V2. Malicious .blend assets contain embedded Python scripts that execute when Blender's Auto Run is enabled, fetching PowerShell code and two ZIP archives — one deploying StealC V2 and the other a secondary Python stealer. Vendors advise keeping Auto Run disabled and verifying asset sources.

Mon, November 24, 2025

Blender model files used to deliver StealC infostealer

⚠️ Researchers at Morphisec observed a Russian-linked campaign using malicious Blender .blend files uploaded to 3D model marketplaces to deliver the StealC V2 infostealer. The embedded Python in the .blend fetches a loader from a Cloudflare Workers domain, which runs a PowerShell script to download two ZIP archives, unpack them into %TEMP%, drop LNK shortcuts into the Startup folder for persistence, and deploy both the StealC payload and an auxiliary Python stealer. Users are advised to disable Blender's Auto Run for Python scripts and treat downloaded 3D assets like executables, testing unknown files in sandboxed environments.
