A new threat campaign tied to Russian cyber actors is weaponizing malicious Blender model files to deliver the StealC V2 information-stealing malware, targeting creators who download assets from popular 3D marketplaces such as CGTrader. The campaign leverages Blender’s built-in scripting capabilities to execute hidden Python code as soon as a user opens a compromised 3D model.
How Blender’s Auto-Run Feature Is Exploited
Blender, a widely used open-source 3D creation suite, supports Python scripts for automation, add-ons, and workflow customization. When the Auto Run Python Scripts feature is enabled, Python code embedded inside a .blend file can run automatically when the model loads.
This automatic execution is normally used for legitimate tasks—such as initializing facial rig controls, generating custom UI panels, or loading animation tools—but it also creates an attack surface. Many artists and designers keep Auto Run enabled for convenience, unknowingly allowing malicious scripts to execute without warning.
Malicious .blend Files Deliver a Multi-Stage Infection Chain
Researchers at Morphisec uncovered a campaign in which .blend files uploaded to public 3D marketplaces contained embedded Python code designed to download a malware loader from a Cloudflare Workers domain.
Infection Chain Breakdown
- User opens the malicious .blend file: Auto Run triggers the execution of the embedded Python script.
- Python script downloads a malware loader: the loader is retrieved from attacker-controlled Cloudflare infrastructure.
- Loader fetches additional payloads via PowerShell: two ZIP archives—ZalypaGyliveraV1 and BLENDERX—are downloaded from hardcoded IP addresses.
- Payload deployment for persistence and execution:
  - The archives unpack into the %TEMP% directory
  - LNK files are dropped into the Startup folder
  - Two malware components are installed:
    - StealC information stealer
    - An auxiliary Python-based stealer for redundancy
This structured, modular attack chain mirrors techniques commonly seen in modern cybercrime operations, designed to evade detection and ensure persistence.
StealC V2: Expanded Capabilities and Active Development
Morphisec’s analysis confirms the campaign uses the latest variant of StealC V2, a sophisticated infostealer previously examined by Zscaler researchers. Although first documented in 2023, StealC remains under active development and continues to bypass most antivirus detection systems.
Key Capabilities of the Latest StealC Variant
StealC V2 can exfiltrate sensitive data from:
- 23+ web browsers, including support for Chrome 132+ with server-side credential decryption
- 100+ crypto wallet browser extensions and 15+ standalone crypto wallet applications
- Messaging and communication apps, including Telegram, Discord, Tox, and Pidgin
- VPN clients, including ProtonVPN and OpenVPN
- Email clients, such as Thunderbird
- Updated UAC bypass techniques for stealthy privilege escalation
Despite its broad functionality, Morphisec reports that no security engine on VirusTotal detected this StealC sample, illustrating how quickly threat actors iterate to stay ahead of defensive tools.
Why 3D Marketplaces Are an Attractive Attack Vector
Marketplaces like CGTrader cannot realistically inspect the internal scripting content of every uploaded model. As a result, .blend assets can function similarly to executable files—capable of running arbitrary code once opened.
This makes Blender a compelling entry point for attackers seeking to compromise:
- Game developers
- VFX artists
- 3D designers
- Animation studios
- Indie creators who rely heavily on marketplace assets
The combination of trusted platforms and Auto Run functionality creates a high-success-rate attack vector.
Recommended Security Practices for Blender Users
To reduce the risk of malware infection through malicious 3D assets, users should adopt the following best practices:
Disable Auto Run Python Scripts
Go to:
Blender → Edit → Preferences → Save & Load → uncheck “Auto Run Python Scripts”
This prevents automatic script execution when opening .blend files from untrusted sources.
Treat 3D Model Files as Potentially Dangerous
Just like executables, .blend files can contain payloads. Users should:
- Download assets only from verified publishers or reputable studios
- Avoid enabling Auto Run unless absolutely necessary
- Use sandboxed or virtual environments to test unfamiliar models
- Validate asset integrity before using them in production pipelines
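The infection chain above starts with Python text embedded in the .blend file, and the advice to validate assets before they reach a pipeline implies a static check on that file. The following triage script is an added example for this article, not code from Morphisec or the Blender project. It reads the 12-byte Blender header (the "BLENDER" magic, pointer size, endianness and version), transparently handles the gzip compression older Blender versions wrote, refuses zstd-compressed files (Blender 3.0+) with a clear message, and then greps the file body for the traits this campaign relies on: network-capable imports, process spawning, PowerShell invocation, Workers-style URLs, temp/Startup paths and runtime code execution. The sample file is constructed: it reproduces only the header followed by a text-like block, not Blender's real DNA-described block layout, and the `.workers.dev` suffix and the `loader-example` host are assumptions and placeholders.

```python
import gzip
import re
import struct
from typing import Optional

GZIP_MAGIC = b"\x1f\x8b"          # .blend files saved with "Compress" before Blender 3.0
ZSTD_MAGIC = b"\x28\xb5\x2f\xfd"  # .blend files saved with "Compress" in Blender 3.0+

# Heuristic byte-regex signatures for the behaviour described in the campaign write-up.
# They are triage hints, not proof: legitimate rig scripts also import os or bpy helpers.
SIGNATURES = {
    "network-capable import": rb"\bimport\s+(urllib|requests|socket|http\.client)\b",
    "process/OS import": rb"\bimport\s+(subprocess|os|ctypes)\b",
    "powershell invocation": rb"(?i)powershell",
    "workers.dev URL": rb"https?://[\w.-]+\.workers\.dev",  # assumption: default Workers suffix
    "temp/startup path": rb"(?i)(%TEMP%|\\Startup\\|tempfile)",
    "runtime code execution": rb"\b(exec|eval)\s*\(|base64\.b64decode",
}


def parse_header(data: bytes) -> Optional[dict]:
    """Decode the fixed 12-byte .blend header; None if the magic is absent."""
    if len(data) < 12 or data[:7] != b"BLENDER":
        return None
    return {
        "pointer_size": 8 if data[7:8] == b"-" else 4,  # '-' = 64-bit, '_' = 32-bit
        "little_endian": data[8:9] == b"v",             # 'v' = little, 'V' = big
        "version": data[9:12].decode("ascii", "replace"),
    }


def load_blend(data: bytes) -> bytes:
    """Return the uncompressed file body, handling the gzip variant inline."""
    if data.startswith(GZIP_MAGIC):
        return gzip.decompress(data)
    if data.startswith(ZSTD_MAGIC):
        raise ValueError("zstd-compressed .blend: decompress with the zstandard package first")
    return data


def verdict(findings: list) -> str:
    """Distinct signature count drives the verdict; three or more is a quarantine candidate."""
    distinct = len({name for name, _ in findings})
    if distinct == 0:
        return "clean"
    return "likely malicious" if distinct >= 3 else "suspicious"


def scan_blend(data: bytes) -> dict:
    """Header metadata plus one snippet per matched signature and an overall verdict."""
    raw = load_blend(data)
    header = parse_header(raw)
    if header is None:
        raise ValueError("not a .blend file")
    findings = []
    for name, pattern in SIGNATURES.items():
        match = re.search(pattern, raw)
        if match:
            start = max(0, match.start() - 20)
            findings.append((name, raw[start:match.end() + 20].decode("latin-1")))
    return {"header": header, "findings": findings, "verdict": verdict(findings)}


def build_sample_blend(script: bytes, compress: bool = False) -> bytes:
    """Constructed stand-in for a .blend file: real files carry DNA-described file blocks;
    this only reproduces the 12-byte header plus a text-like block for the scanner to read."""
    body = b"BLENDER-v402" + b"TX\x00\x00" + struct.pack("<I", len(script)) + script
    return gzip.compress(body) if compress else body


# Constructed samples: the first mimics the traits of the campaign script, the second is a
# typical harmless rig helper. Neither is real marketplace content.
MALICIOUS_SAMPLE = b"""import bpy
import urllib.request
import subprocess
STAGE1 = "https://loader-example.workers.dev/stage1"  # constructed placeholder, not a real host
subprocess.run(["powershell", "-c", "<stage-2 command elided>"])
"""
BENIGN_SAMPLE = b"import bpy\nbpy.ops.object.select_all(action='SELECT')\n"

if __name__ == "__main__":
    for label, sample in (("malicious", MALICIOUS_SAMPLE), ("benign", BENIGN_SAMPLE)):
        result = scan_blend(build_sample_blend(sample))
        print(label, result["header"]["version"], result["verdict"], [n for n, _ in result["findings"]])
```

The scanner cannot tell whether a Text datablock has its "Register" flag set (the property that makes Blender run it on load); answering that requires walking the file blocks with the embedded DNA, so treat any hit as a reason to open the file only with Auto Run disabled and inspect the Text editor contents by hand. Tune the "process/OS import" signature to your studio's own add-ons, since `import os` is common in legitimate scripts.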
Monitor for Indicators of Compromise
Organizations using Blender in professional environments should integrate monitoring for common StealC behaviors, such as:
- Unexpected PowerShell execution
- Downloads from unknown Cloudflare Workers domains
- Unusual activity within %TEMP% or Startup directories
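To make the monitoring list above concrete, here is an added example (not code from the article, Morphisec or Blender) of the detection logic run over a handful of constructed endpoint events in a Sysmon-like shape: process creation, network connection and file creation. Four rules encode the chain described earlier: blender.exe spawning PowerShell, a scripting host connecting to a `.workers.dev` host (the default Cloudflare Workers suffix is an assumption), an executable or archive dropped under the user's Temp directory by a scripting host, and an LNK written into the Startup folder. The sample events, hostnames and paths are constructed; the archive name BLENDERX is the one the article reports. A benign Blender write of quit.blend to Temp and an administrator's own PowerShell session are included to show what the rules must not fire on.

```python
import ntpath

# Images that legitimately run the artist's scripts and therefore deserve closer scrutiny
# when they touch the network or the filesystem.
SCRIPT_HOSTS = {"blender.exe", "python.exe", "powershell.exe", "pwsh.exe"}
DROPPED_EXTENSIONS = {".exe", ".dll", ".zip", ".lnk", ".ps1", ".bat"}

# Constructed telemetry; events 1, 6 and 7 are benign, 2 to 5 reproduce the reported chain.
BLENDER = r"C:\Program Files\Blender Foundation\Blender 4.2\blender.exe"
POWERSHELL = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [
    {"id": 1, "event": "ProcessCreate", "image": BLENDER, "parent_image": r"C:\Windows\explorer.exe",
     "command_line": r'"blender.exe" C:\Users\artist\Downloads\free_character_rig.blend'},
    {"id": 2, "event": "ProcessCreate", "image": POWERSHELL, "parent_image": BLENDER,
     "command_line": "powershell.exe -WindowStyle Hidden -Command <constructed>"},
    {"id": 3, "event": "NetworkConnect", "image": POWERSHELL,
     "dest_host": "loader-example.workers.dev", "dest_port": 443},
    {"id": 4, "event": "FileCreate", "image": POWERSHELL,
     "target": r"C:\Users\artist\AppData\Local\Temp\BLENDERX\run.exe"},
    {"id": 5, "event": "FileCreate", "image": POWERSHELL,
     "target": r"C:\Users\artist\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.lnk"},
    {"id": 6, "event": "ProcessCreate", "image": POWERSHELL, "parent_image": r"C:\Windows\explorer.exe",
     "command_line": "powershell.exe Get-Service"},
    {"id": 7, "event": "FileCreate", "image": BLENDER,
     "target": r"C:\Users\artist\AppData\Local\Temp\blender_a1b2c3\quit.blend"},
]


def base(path: str) -> str:
    """Lower-cased file name of a Windows path, usable on any host OS."""
    return ntpath.basename(path).lower()


def rule_blender_spawns_powershell(ev: dict):
    if ev["event"] != "ProcessCreate":
        return None
    if base(ev["image"]) in {"powershell.exe", "pwsh.exe"} and base(ev["parent_image"]) == "blender.exe":
        return ("blender_spawns_powershell", "high")
    return None


def rule_workers_dev_connection(ev: dict):
    if ev["event"] != "NetworkConnect":
        return None
    if ev["dest_host"].lower().endswith(".workers.dev") and base(ev["image"]) in SCRIPT_HOSTS:
        return ("script_host_to_workers_dev", "medium")
    return None


def rule_startup_lnk_drop(ev: dict):
    if ev["event"] != "FileCreate":
        return None
    target = ev["target"].lower()
    if "\\start menu\\programs\\startup\\" in target and target.endswith(".lnk"):
        return ("startup_lnk_drop", "high")
    return None


def rule_temp_payload_drop(ev: dict):
    """Blender itself writes autosaves and quit.blend to Temp, so only payload-like
    extensions written by a scripting host count."""
    if ev["event"] != "FileCreate":
        return None
    target = ev["target"].lower()
    ext = ntpath.splitext(target)[1]
    if "\\appdata\\local\\temp\\" in target and ext in DROPPED_EXTENSIONS and base(ev["image"]) in SCRIPT_HOSTS:
        return ("temp_payload_drop", "medium")
    return None


RULES = [rule_blender_spawns_powershell, rule_workers_dev_connection,
         rule_startup_lnk_drop, rule_temp_payload_drop]


def detect(events: list) -> list:
    """Run every rule over every event; one alert per (event, rule) hit."""
    alerts = []
    for ev in events:
        for rule in RULES:
            hit = rule(ev)
            if hit:
                alerts.append({"event_id": ev["id"], "rule": hit[0], "severity": hit[1]})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

The first rule is the strongest single signal: a 3D editor has no routine reason to launch PowerShell, so it can be alerted on alone, whereas the Temp and Workers rules are better used as correlation context because Cloudflare Workers and temporary files both have legitimate uses on an artist's workstation.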
As cybercriminals continue to abuse creative tools and niche workflows, maintaining a proactive security posture is essential for both individuals and studios working with 3D content.
