- Russian hackers exploit Blender’s Auto Run feature to deliver StealC information stealer via .blend files.
- Malware deployed via CGTrader assets, fetching payloads from Cloudflare Workers domains.
- StealC variant targets browsers, crypto wallets, chat apps and VPN clients without being detected.
Blender has a handy but risky feature that experts say is being exploited by Russian hackers to spread infostealer malware.
Cybersecurity researchers at Morphisec observed the attacks in the wild and urged designers and other professionals to be vigilant.
Blender is a widely used open source 3D creation suite popular among artists, animators, game developers, and studios for everything from modeling and rendering to visual effects. There’s also CGTrader, a marketplace where 3D artists and designers can buy, sell, and share user-generated models and assets for their projects.
A significant impact
Morphisec now claims to have seen Russian-linked cybercriminals upload .blend files containing embedded Python code to CGTrader.
The code fetches a malware loader from a Cloudflare Workers domain which, in turn, fetches two ZIP archives. These deploy two payloads: a StealC infostealer and an auxiliary Python stealer, likely as a fallback.
The Python code still has to be triggered, and this is where the "convenient, but risky" feature comes in. It is called Auto Run. If it is enabled, opening a character rig automatically runs the file's script to load facial controls and custom UI panels, and in a malicious file that same step triggers the malware deployment process.
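A way to triage a downloaded .blend file before opening it, as an added example that is not from Morphisec or the original article: the sketch below walks the file's block headers and counts Text datablocks, which is where embedded Python scripts are stored. It assumes the legacy 12-byte `BLENDER` header and handles gzip-compressed files only; the function names and the sample files are constructed for illustration.

```python
import gzip
import struct

TEXT_CODE = b"TX\x00\x00"  # block code Blender uses for Text datablocks (embedded scripts)

def embedded_text_blocks(data: bytes) -> int:
    """Count Text datablocks in a .blend byte string.

    Returns -1 when the file cannot be inspected here: Zstandard-compressed
    files, or any header other than the 12-byte legacy layout (assumption).
    """
    if data[:2] == b"\x1f\x8b":  # gzip-compressed .blend
        data = gzip.decompress(data)
    if len(data) < 12 or data[:7] != b"BLENDER":
        return -1
    if data[7:8] not in (b"_", b"-") or data[8:9] not in (b"v", b"V"):
        return -1
    ptr_size = 4 if data[7:8] == b"_" else 8    # '_' = 32-bit, '-' = 64-bit pointers
    endian = "<" if data[8:9] == b"v" else ">"  # 'v' = little, 'V' = big endian
    # Block header: code, payload size, old pointer (skipped), SDNA index, count
    head = struct.Struct(f"{endian}4si{ptr_size}xii")
    offset, found = 12, 0
    while offset + head.size <= len(data):
        code, size, _sdna, _count = head.unpack_from(data, offset)
        if code == b"ENDB":  # end-of-file marker block
            break
        if size < 0:
            return -1  # corrupt or unexpected layout
        found += code == TEXT_CODE
        offset += head.size + size
    return found

def make_sample(with_script: bool) -> bytes:
    """Constructed input: header, one mesh block, optionally one Text block."""
    def block(code: bytes, payload: bytes) -> bytes:
        return struct.pack("<4si8xii", code, len(payload), 0, 1) + payload
    body = block(b"ME\x00\x00", b"\x00" * 16)
    if with_script:
        body += block(TEXT_CODE, b"\x00" * 32)
    return b"BLENDER-v405" + body + block(b"ENDB", b"")

if __name__ == "__main__":
    for label, flag in (("no script", False), ("with script", True)):
        n = embedded_text_blocks(make_sample(flag))
        print(f"{label}: {n} embedded text block(s)")
```

A nonzero count is a triage signal rather than a verdict, since legitimate rigs ship scripts too, and a zero count does not rule out other script carriers such as driver expressions. Files that need a closer look can be opened with Blender started using `--disable-autoexec`.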
StealC is a popular infostealer that has been around for years and has been seen in many high-profile campaigns. It is also constantly under development, with newer versions improving persistence, stealth, and information theft capabilities.
This latest variant, used in this campaign, can extract data from 20+ browsers, 100+ cryptocurrency wallet browser extensions, 15+ cryptocurrency wallet apps, the majority of chat apps, as well as VPN clients.
Via BleepingComputer