An ongoing malicious operation, active for a minimum of six months, has been utilizing Blender Foundation files to deliver the StealC V2 information stealer. Researchers at Morphisec, including Shmuel Uzan, reported that this campaign involves implanting malicious .blend files onto platforms that host computer graphics assets, such as CGTrader. Unsuspecting users download these 3D models, and when they are opened in the free, open-source 3D creation suite, Blender, the embedded Python scripts are executed automatically, initiating the infection chain.
The cybersecurity company noted that the current activities bear similarities to a previous campaign attributed to Russian-speaking threat actors. That prior operation involved the impersonation of the Electronic Frontier Foundation (EFF) to target the online gaming community, infecting victims with StealC and Pyramid C2 malware. The current assessment is grounded in shared tactical characteristics observed in both campaigns, which include the use of decoy documents, various evasive techniques, and the execution of the malware in the background to avoid detection.
The newest series of attacks exploits the capability of .blend files to contain and execute embedded Python scripts, particularly those used for character rigs, when the Auto Run option is enabled in Blender. This feature, while useful for advanced tasks like rigging and automation, introduces a significant security vulnerability by permitting the execution of arbitrary Python code. Blender itself has acknowledged this danger in its documentation, cautioning that “The ability to include Python scripts within blend-files is valuable for advanced tasks… However, it poses a security risk since Python does not restrict what a script can do.”
The fundamental attack strategy involves threat actors uploading the malicious .blend files—containing a harmful script named “Rig_Ui.py”—to free 3D asset websites like CGTrader. As soon as a user opens the file with Blender’s Auto Run feature activated, the malicious script executes. This initial step triggers a command to fetch a PowerShell script, which is then used to download two separate ZIP archives to the compromised system.
One of the downloaded ZIP archives contains the payload for StealC V2, while the second deploys a secondary, Python-based information stealer. The StealC V2 version is an update first announced in late April 2025 and boasts a wide array of data-gathering capabilities. It is designed to extract sensitive information from a substantial list of applications, including 23 different browsers, 100 web plugins and extensions, 15 cryptocurrency wallet applications, various messaging services, VPNs, and email clients. Morphisec strongly advised users to “Keep Auto Run disabled unless the file source is trusted,” noting that attackers exploit Blender’s typical operation on physical machines with GPUs, which allows them to bypass virtual environments and sandboxes that might otherwise detect the threat.
Reference:
