If you use Blender for your 3D work, there is a new threat you should know about. Attackers are hiding StealC malware inside Blender model files, and users are being infected simply by opening those files. Scary, huh?
How does this attack work?
Hackers upload fake models to sites like CGTrader. At first glance the model looks completely normal, but a Python script is hidden inside the file. If you have Blender set to "Auto Run Python Scripts", that script runs automatically the moment the file is opened.
Once the script runs, it proceeds to download additional files from the Internet. These downloaded files then:
- Save themselves in your system Temp folder
- Create shortcut files in your Startup folder
- Install the StealC malware on your device
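Because the hidden script is stored inside the .blend file as an embedded Text datablock, a defender can look for such blocks without ever opening the file in Blender. The script below is an added example, not code from the article or from Blender: it walks the file-block list of a classic .blend file (the 12-byte "BLENDER" header followed by blocks that each carry a 4-character code, a size, an old memory address, an SDNA index and a count), counts the blocks whose code is "TX" (Text datablocks), and runs a crude keyword scan over the whole file. The token list is a constructed heuristic, the sample file is constructed in `build_sample_blend`, and newer or zstd-compressed files are rejected with an error rather than guessed at.

```python
"""Triage a .blend file before opening it in Blender (added example, not from the article)."""
import gzip
import struct
from dataclasses import dataclass, field
from typing import List, Optional

GZIP_MAGIC = b"\x1f\x8b"          # Blender < 3.0 compressed files with gzip
ZSTD_MAGIC = b"\x28\xb5\x2f\xfd"  # Blender 3.0+ uses zstd (not handled here)
HEADER_LEN = 12                   # "BLENDER" + pointer-size char + endianness char + 3-digit version

# Constructed heuristic list: tokens worth a second look inside an embedded script.
SUSPICIOUS_TOKENS = [b"urllib", b"requests", b"subprocess", b"os.system",
                     b"ctypes", b"base64", b"Startup", b"Temp"]


@dataclass
class BlendReport:
    version: str
    pointer_size: int
    text_blocks: int
    suspicious_hits: List[bytes] = field(default_factory=list)

    @property
    def risk(self) -> str:
        """'none' = no embedded text at all, 'review' = text present, 'high' = text plus suspicious tokens."""
        if self.text_blocks == 0:
            return "none"
        return "high" if self.suspicious_hits else "review"


def decompress_if_needed(data: bytes) -> bytes:
    if data.startswith(GZIP_MAGIC):
        return gzip.decompress(data)
    if data.startswith(ZSTD_MAGIC):
        raise ValueError("zstd-compressed .blend; decompress it with the zstandard package first")
    return data


def scan_blend(data: bytes) -> BlendReport:
    data = decompress_if_needed(data)
    if len(data) < HEADER_LEN or data[:7] != b"BLENDER":
        raise ValueError("not a classic .blend header; refusing to guess the layout")
    pointer_size = 8 if data[7:8] == b"-" else 4      # '-' = 8-byte pointers, '_' = 4-byte
    endian = "<" if data[8:9] == b"v" else ">"         # 'v' = little-endian, 'V' = big-endian
    version = data[9:HEADER_LEN].decode("ascii")
    # File block header: 4-char code, int32 data size, old memory address (pointer-sized),
    # int32 SDNA struct index, int32 struct count. The block data follows immediately.
    hdr = struct.Struct(f"{endian}4si{'Q' if pointer_size == 8 else 'I'}ii")
    offset = HEADER_LEN
    text_blocks = 0
    while offset + hdr.size <= len(data):
        code, size, _addr, _sdna, _count = hdr.unpack_from(data, offset)
        if code == b"ENDB":
            break
        if size < 0:
            raise ValueError(f"corrupt block size at offset {offset}")
        if code == b"TX\x00\x00":   # Text datablock: where an embedded script lives
            text_blocks += 1
        offset += hdr.size + size
    else:
        raise ValueError("truncated file: no ENDB block found")
    hits = [tok for tok in SUSPICIOUS_TOKENS if tok in data]
    return BlendReport(version, pointer_size, text_blocks, hits)


def build_sample_blend(script: Optional[bytes], compress: bool = False) -> bytes:
    """Constructed sample: a minimal synthetic 64-bit little-endian .blend with an optional
    TX block. Real files keep the script lines in DATA blocks that follow the TX block;
    placing the bytes inside the TX block itself is enough for the scan above."""
    hdr = struct.Struct("<4siQii")
    out = bytearray(b"BLENDER-v300")
    if script is not None:
        out += hdr.pack(b"TX\x00\x00", len(script), 0x1000, 0, 1) + script
    out += hdr.pack(b"ENDB", 0, 0, 0, 0)
    blob = bytes(out)
    return gzip.compress(blob) if compress else blob


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            report = scan_blend(fh.read())
    else:
        report = scan_blend(build_sample_blend(b"import urllib.request, subprocess\n"))
    print(report, "risk =", report.risk)
```

Run it as `python scan_blend.py model.blend`; with no argument it scans the constructed sample. A non-zero `text_blocks` count does not prove a file is malicious (legitimate files can carry text blocks too), but it tells you the file contains something that "Auto Run Python Scripts" could execute, which is exactly the case where opening it in a VM rather than on your workstation is warranted.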
The dangers of StealC
StealC is a serious info-stealer. It can steal:
- Passwords from 23+ browsers
- Data from 100+ browser extensions
- Crypto wallet data
- Data from Telegram and Discord
- User data from VPNs
- E-mail login information
Who is behind this?
Security researchers believe the attack comes from Russian-speaking hackers. These groups use StealC throughout their campaigns.
How to protect yourself
No need to panic! You can take a few basic steps to protect your system:
- Disable Auto Run Python Scripts in Blender (Edit - Preferences - Save & Load - uncheck it)
- Only download Blender files from trusted sites
- Treat all unknown .blend files as dangerous
- If you want to verify a model safely, do so in a virtual machine (VM)
- Check your Startup folder for any suspicious shortcut files you didn’t install
- Review your Temp folder for strange unknown files
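The last two steps can be turned into a quick check. The script below is an added example, not code from the article: it lists every shortcut (.lnk) file in the per-user and all-users Startup folders (standard Windows layout assumed, located through the `APPDATA` and `ProgramData` environment variables) together with its timestamp, confirms the file really starts with a Shell Link header, and flags any shortcut whose raw bytes reference a `\Temp\` path, which is the persistence pattern described above. The Temp match is a byte-level heuristic in both ANSI and UTF-16LE form, not a full .lnk parser, and the two sample shortcuts written by `write_sample_startup_dir` are constructed for demonstration.

```python
"""Triage Windows Startup folders for shortcuts pointing into Temp (added example, not from the article)."""
import os
import re
import tempfile
from datetime import datetime, timezone
from pathlib import Path
from typing import Dict, List

SHELL_LINK_MAGIC = b"L\x00\x00\x00"  # HeaderSize 0x4C that opens every Shell Link (.lnk) file

# The LinkInfo structure stores the target path as an ANSI string, while other parts of a
# link are UTF-16LE, so match both encodings. Heuristic only, not a full .lnk parser.
TEMP_PATTERNS = [
    re.compile(re.escape(b"\\Temp\\"), re.IGNORECASE),
    re.compile(re.escape("\\Temp\\".encode("utf-16-le")), re.IGNORECASE),
]


def default_startup_dirs() -> List[Path]:
    """Per-user and all-users Startup folders on a standard Windows layout (assumption)."""
    dirs = []
    appdata = os.environ.get("APPDATA")
    programdata = os.environ.get("ProgramData")
    if appdata:
        dirs.append(Path(appdata) / "Microsoft" / "Windows" / "Start Menu" / "Programs" / "Startup")
    if programdata:
        dirs.append(Path(programdata) / "Microsoft" / "Windows" / "Start Menu" / "Programs" / "StartUp")
    return dirs


def shortcut_references_temp(lnk_bytes: bytes) -> bool:
    return any(p.search(lnk_bytes) for p in TEMP_PATTERNS)


def triage_startup_dir(startup_dir: Path) -> List[Dict]:
    findings = []
    for entry in sorted(startup_dir.glob("*.lnk")):
        raw = entry.read_bytes()
        st = entry.stat()
        findings.append({
            "path": str(entry),
            "modified_utc": datetime.fromtimestamp(st.st_mtime, tz=timezone.utc).isoformat(),
            "valid_shell_link": raw.startswith(SHELL_LINK_MAGIC),
            "references_temp": shortcut_references_temp(raw),
        })
    return findings


def write_sample_startup_dir() -> Path:
    """Constructed sample: two fake .lnk files in a temporary directory. Only the header
    bytes and an embedded target path are realistic, which is all the heuristic needs."""
    d = Path(tempfile.mkdtemp(prefix="startup-sample-"))
    (d / "updater.lnk").write_bytes(
        SHELL_LINK_MAGIC + b"\x00" * 72 + b"C:\\Users\\me\\AppData\\Local\\Temp\\updater.exe\x00")
    (d / "vendor-tool.lnk").write_bytes(
        SHELL_LINK_MAGIC + b"\x00" * 72 + b"C:\\Program Files\\Vendor\\tool.exe\x00")
    return d


if __name__ == "__main__":
    # On a non-Windows host the environment variables are absent, so fall back to the sample.
    targets = default_startup_dirs() or [write_sample_startup_dir()]
    for d in targets:
        if not d.is_dir():
            continue
        for f in triage_startup_dir(d):
            flag = "SUSPICIOUS" if f["references_temp"] else "ok"
            print(f"{flag:10} {f['modified_utc']} {f['path']}")
```

A shortcut flagged here is a lead, not a verdict: look at what it launches and when it appeared, and compare the timestamp with when the suspect .blend file was opened. The same raw-byte check can be pointed at a shortcut found anywhere else by calling `shortcut_references_temp` on its contents.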