1. Forum
  2. tqwNet
  3. TQW GENTECH

  • Malicious Blender model files deliver StealC infostealing malware

    From TechnologyDaily@1337:1/100 to All on Thursday, November 27, 2025 20:30:10
    Malicious Blender model files deliver StealC infostealing malware

    Date:
    Thu, 27 Nov 2025 20:23:00 +0000

    Description:
    Another open source platform being abused to infect users with infostealers.

    FULL STORY ======================================================================Russian hackers exploit Blenders Auto Run feature to deliver StealC infostealer via .blend files Malware deployed through CGTrader assets, pulling payloads from Cloudflare Workers domains StealC variant targets browsers, crypto wallets, chat apps, and VPN clients undetected

    Blender has a convenient but risky feature which experts have found is being exploited by Russian hackers to deliver infostealer malware.

    Cybersecurity researchers Morphisec observed the attacks in the wild and
    urged designers and other professionals to be vigilant.

    Blender is a widely used open source 3D creation suite popular among artists, animators, game developers, and studios for everything from modeling and rendering to visual effects. There is also CGTrader, a marketplace where 3D artists and designers can buy, sell, and share user-generated models and assets for their projects. Significant impact

    Now, Morphisec says it saw Russia-linked cybercriminals upload .blend files with embedded Python code onto CGTrader.

    The code pulls a malware loader from a Cloudflare Workers domain which, in turn, pulls two ZIP archives. These deploy two payloads, including a StealC infostealer and an auxiliary Python stealer, likely as a fallback.

    Obviously, the Python code needs to be triggered. That is where the convenient, but risky feature comes in. It is called Auto Run, and if it is enabled, when a user opens a character rig, the script automatically loads
    the facial controls and custom UI panels and, consequently, triggers the malware deployment process.

    StealC is a popular infostealer thats been around for years and was observed in numerous high-profile campaigns. It is also constantly in development,
    with newer versions getting better at persistence, stealth, and infostealing capabilities.

    This latest variant, used in this campaign, can pull data from more than 20 browsers, more than 100 cryptocurrency wallet browser extensions, more than
    15 cryptocurrency wallet apps, the majority of chat apps, as well as VPN clients.

    Via BleepingComputer

    Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the
    Follow button!

    And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/malicious-blender-model-files-deliver-s tealc-infostealing-malware


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)