Hackers Hijack Blender 3D Assets to Deploy StealC V2 Data-Stealing Malware

Cybersecurity researchers have uncovered a campaign exploiting Blender files to deliver the StealC V2 information stealer, targeting users through malicious .blend files on platforms like CGTrader. The attack leverages embedded Python scripts that execute upon opening, stealing data from browsers, wallets, and messaging apps.

Key points

  • The campaign has been active for at least six months, involving infected 3D model files on asset sites.
  • Malicious .blend files contain embedded Python scripts that auto-execute when opened with Blender’s Auto Run enabled.
  • Attackers use decoy documents and evasive techniques similar to previous Russian-linked campaigns targeting online communities.
  • The malware chain downloads ZIP archives: one with StealC V2 payload and another with secondary Python stealer scripts.
  • Users are advised to disable Auto Run in Blender unless files are from trusted sources to mitigate the risk.
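
A way to triage a downloaded asset before opening it, shown here as an added example that is not from the original article or the researchers: the script counts Text datablocks (file-block code "TX"), which is where Blender stores embedded scripts. It assumes the classic 12-byte .blend header and handles gzip-compressed saves only; Zstandard-compressed files and other header layouts are rejected rather than parsed, and the function names and sample bytes are constructed for illustration.

```python
import gzip
import struct
import sys

def count_text_blocks(data: bytes) -> int:
    """Count Text datablocks (file-block code "TX") in a .blend image."""
    if data[:2] == b"\x1f\x8b":              # gzip-compressed save
        data = gzip.decompress(data)
    if len(data) < 12 or data[:7] != b"BLENDER":
        raise ValueError("not an uncompressed .blend (decompress Zstandard files first)")
    ptr, endian = data[7:8], data[8:9]
    if ptr not in (b"_", b"-") or endian not in (b"v", b"V"):
        raise ValueError("unsupported .blend header layout")
    ptr_size = 4 if ptr == b"_" else 8       # '_' = 32-bit pointers, '-' = 64-bit
    order = "<" if endian == b"v" else ">"   # 'v' = little-endian, 'V' = big-endian
    head_len = 4 + 4 + ptr_size + 4 + 4      # code, size, old address, SDNA index, count
    found, pos = 0, 12
    while pos + head_len <= len(data):
        code = data[pos:pos + 4]
        if code == b"ENDB":                  # end-of-file marker block
            break
        (size,) = struct.unpack_from(order + "i", data, pos + 4)
        if size < 0:
            raise ValueError("corrupt block size")
        if code.rstrip(b"\0") == b"TX":      # ID code for Text datablocks
            found += 1
        pos += head_len + size
    return found

def make_block(code: bytes, payload: bytes) -> bytes:
    """Build one constructed file block (64-bit pointers, little-endian)."""
    return code.ljust(4, b"\0") + struct.pack("<iQii", len(payload), 0, 0, 1) + payload

# Constructed sample images, not real assets.
HEADER = b"BLENDER-v306"
END = make_block(b"ENDB", b"")
SAMPLE_CLEAN = HEADER + make_block(b"OB", bytes(16)) + END
SAMPLE_SCRIPTED = HEADER + make_block(b"OB", bytes(16)) + make_block(b"TX", bytes(32)) + END
SAMPLE_GZIPPED = gzip.compress(SAMPLE_SCRIPTED)

if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            n = count_text_blocks(fh.read())
        print(f"{path}: {n} text datablock(s)" + (" - review before opening" if n else ""))
```

A non-zero count is a triage signal rather than a verdict, since legitimate rigs and tool assets also ship scripts; it marks the files that should only be opened with Auto Run disabled.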

Read More: https://thehackernews.com/2025/11/hackers-hijack-blender-3d-assets-to.html