Another open source platform is being abused for malware
- Russian hackers exploit Blender’s Auto Run feature to deliver StealC infostealer via .blend files
- Malware deployed through CGTrader assets, pulling payloads from Cloudflare Workers domains
- StealC variant targets browsers, crypto wallets, chat apps, and VPN clients undetected
Blender has a convenient but risky feature which experts have found is being exploited by Russian hackers to deliver infostealer malware.
Cybersecurity researchers at Morphisec observed the attacks in the wild and urged designers and other professionals to be vigilant.
Blender is a widely used open source 3D creation suite popular among artists, animators, game developers, and studios for everything from modeling and rendering to visual effects. There is also CGTrader, a marketplace where 3D artists and designers can buy, sell, and share user-generated models and assets for their projects.
Significant impact
Now, Morphisec says it saw Russia-linked cybercriminals upload .blend files with embedded Python code onto CGTrader.
The code pulls a malware loader from a Cloudflare Workers domain which, in turn, pulls two ZIP archives. These deploy two payloads, including a StealC infostealer and an auxiliary Python stealer, likely as a fallback.
Obviously, the Python code needs to be triggered. That is where the “convenient, but risky” feature comes in. It is called Auto Run, and if it is enabled, when a user opens a character rig, the script automatically loads the facial controls and custom UI panels and, consequently, triggers the malware deployment process.
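The following Python is an added example, not code from Morphisec, Blender or this article: it walks the file blocks of a downloaded .blend file and counts embedded Text datablocks (block code TX), which is where scripts carried inside a .blend file are stored. It assumes the legacy 12-byte file header and an uncompressed file; compressed files and other header layouts are reported rather than parsed, and the sample bytes are constructed.

```python
import struct

GZIP_MAGIC = b"\x1f\x8b"          # .blend files saved compressed before Blender 3.0
ZSTD_MAGIC = b"\x28\xb5\x2f\xfd"  # Zstandard, used for compressed saves since 3.0
TEXT_CODE = b"TX\x00\x00"         # block code of a Text datablock (embedded script)


def scan_blend(data: bytes) -> dict:
    """Count Text datablocks in an uncompressed, legacy-header .blend image."""
    if data.startswith((GZIP_MAGIC, ZSTD_MAGIC)):
        return {"status": "compressed", "text_blocks": None}
    # Legacy header: b"BLENDER", pointer size ('_'=4, '-'=8), endianness, version.
    if (len(data) < 12 or data[:7] != b"BLENDER"
            or data[7:8] not in (b"_", b"-") or data[8:9] not in (b"v", b"V")):
        return {"status": "unsupported", "text_blocks": None}
    ptr_size = 4 if data[7:8] == b"_" else 8
    endian = "<" if data[8:9] == b"v" else ">"
    # Block header: code[4], int32 size, old pointer (skipped), int32 SDNA index, int32 count.
    head = struct.Struct(f"{endian}4si{ptr_size}xii")
    offset, text_blocks = 12, 0
    while offset + head.size <= len(data):
        code, size, _sdna, _count = head.unpack_from(data, offset)
        if code == b"ENDB":
            return {"status": "ok", "text_blocks": text_blocks}
        if size < 0:  # malformed length field: stop walking
            break
        if code == TEXT_CODE:
            text_blocks += 1
        offset += head.size + size
    # Ran off the end without ENDB: partial download or malformed file.
    return {"status": "truncated", "text_blocks": text_blocks}


def _block(code: bytes, payload: bytes) -> bytes:
    """Build one little-endian, 8-byte-pointer file block for the sample."""
    return struct.pack("<4si8xii", code, len(payload), 0, 1) + payload


# Constructed sample: one object block, one Text datablock, its data, end marker.
SAMPLE = (b"BLENDER-v306"
          + _block(b"OB\x00\x00", b"\x00" * 16)
          + _block(TEXT_CODE, b"\x00" * 32)
          + _block(b"DATA", b"print('rig ui')\x00")
          + _block(b"ENDB", b""))

if __name__ == "__main__":
    print(scan_blend(SAMPLE))
```

A non-zero count is a heuristic, since a Text datablock can also hold plain notes; it is a reason to open the file with Auto Run off (Blender's `--disable-autoexec` command-line option) and read the embedded scripts first.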
StealC is a popular infostealer that’s been around for years and was observed in numerous high-profile campaigns. It is also constantly in development, with newer versions getting better at persistence, stealth, and infostealing capabilities.
This latest variant, used in this campaign, can pull data from more than 20 browsers, more than 100 cryptocurrency wallet browser extensions, more than 15 cryptocurrency wallet apps, the majority of chat apps, as well as VPN clients.
Via BleepingComputer
Sead Fadilpašić is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.