Blender Bender: StealC V2 Malware Sneaks Through 3D Art Files!
Morphisec warns that Russian cybercriminals are spreading StealC V2 malware through weaponized Blender files on 3D model sites like CGTrader. These files exploit Blender’s ability to run hidden Python scripts, allowing the malware to execute automatically. The attack is ongoing and has been active for at least six months.
Hot Take:
When your 3D models start pilfering data like they’re auditioning for a cyber-heist movie, you know the hackers have truly embraced their artistic side. Beware of Blender’s latest ‘feature’—turning your computer into a Picasso of pilfered passwords!
Key Points:
– Cybersecurity firm Morphisec reports Russian threat actors are spreading StealC V2 infostealer via malicious Blender files.
– The malware leverages Blender’s ability to execute hidden Python scripts, targeting users on 3D model marketplaces like CGTrader.
– Attackers exploit Blender’s Auto Run Python Scripts feature to execute code automatically.
– The StealC V2 malware has been enhanced to steal data from browsers, crypto-wallets, messaging apps, and VPN clients.
– Morphisec recommends disabling Auto Run unless the file source is trusted to avoid these threats.