Security researchers are warning about malicious Blender project files (.blend) being used to distribute malware that steals credentials and other sensitive data. The files, found on 3D asset marketplaces such as CGTrader, carry embedded Python scripts that start the infection chain as soon as the file is opened in Blender.
Security firm Morphisec first reported on this Russian-linked campaign, noting its use of malicious .blend files to deploy StealC V2, a data-stealing malware family.
Users on Reddit had flagged these suspicious files before the report was published, with one user warning about “.blend files being distributed on various platforms that have random letters as its name.”
When a malicious Blender file is opened, a Python script hidden in one of the file's text datablocks, flagged to run on load, attempts to execute. If Blender's “Auto Run Python Scripts” preference is enabled, the script runs immediately with the privileges of the Blender process; if it is disabled (the default), Blender instead shows a warning that script execution was blocked and offers an “Allow Execution” button, so the attack then depends on the user clicking through.
The script acts as a downloader: it fetches and installs StealC, an information stealer that harvests login credentials from browsers, browser plugins and extensions, cryptocurrency wallets, chat applications, VPN software, and email clients such as Thunderbird.
To protect yourself, keep Blender's “Auto Run Python Scripts” preference disabled and do not click “Allow Execution” on a file you downloaded, whatever the marketplace or the seller's rating. Before trusting a file, open it with the preference off and inspect its text datablocks in the Text Editor; a script with network or process-spawning code has no business in a 3D asset. Blender can also be launched with the `--disable-autoexec` (`-Y`) command-line option, which blocks auto-execution for that session regardless of the saved preference. Keeping execution off stops this delivery chain at the point where the downloader would run; it does not make the embedded script safe to run later.
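The check a practitioner would want before ever allowing execution is to look inside the file without Blender. The following stand-alone script is an added example (not from the original article, from Morphisec, or from the Blender project): it walks the .blend file block list with the Python standard library only, counts Text datablocks (block code “TX”, the container Blender uses for scripts that can be registered to run on load) and flags downloader-style tokens anywhere in the file's data blocks. The header and block layout, the “TX” code and the gzip/zstd compression magics are Blender's documented file format; the token watch-list and the two sample files it builds are constructed for this example and are not real samples from the campaign. It is a triage heuristic, not a verdict: a legitimate file may carry a Text block, and a hostile one can obfuscate its strings.

```python
"""Offline triage of a .blend file for embedded Python (added example, stdlib only).

Walks the .blend block list and reports (a) Text datablocks, block code "TX",
the container Blender uses for scripts that can be registered to run on load,
and (b) downloader-style tokens anywhere in the file's data blocks. Heuristic
only: legitimate files may carry a Text block, and a hostile one can obfuscate.
"""
import gzip
import json
import struct
import sys

GZIP_MAGIC = b"\x1f\x8b"
ZSTD_MAGIC = b"\x28\xb5\x2f\xfd"

# Constructed watch-list for this example; tune it for your environment.
SUSPICIOUS_TOKENS = (
    b"urllib", b"requests", b"socket", b"subprocess", b"os.system",
    b"powershell", b"base64", b"exec(", b"eval(", b"ctypes", b"tempfile",
)


def decompress_blend(data: bytes) -> bytes:
    """Blender saves gzip (pre-3.0) or zstd (3.0+) when 'Compress' is enabled."""
    if data.startswith(GZIP_MAGIC):
        return gzip.decompress(data)
    if data.startswith(ZSTD_MAGIC):
        raise ValueError("zstd-compressed .blend: run `zstd -d` on it first")
    return data


def parse_header(data: bytes):
    """12-byte header: 'BLENDER', pointer-size char, endian char, 3-char version."""
    if len(data) < 12 or data[:7] != b"BLENDER":
        raise ValueError("not a .blend file")
    ptr_size = 8 if data[7:8] == b"-" else 4    # '-' 64-bit pointers, '_' 32-bit
    endian = "<" if data[8:9] == b"v" else ">"  # 'v' little-endian, 'V' big-endian
    return ptr_size, endian, data[9:12].decode("ascii")


def iter_blocks(data: bytes):
    """Yield (code, payload) per file block:
    code[4] | size:int32 | old_ptr:ptr | sdna_index:int32 | count:int32 | payload[size]
    """
    ptr_size, endian, _ = parse_header(data)
    fmt = endian + "4si" + ("Q" if ptr_size == 8 else "I") + "ii"
    hdr_len = struct.calcsize(fmt)
    off = 12
    while off + hdr_len <= len(data):
        code, size, _ptr, _sdna, _count = struct.unpack_from(fmt, data, off)
        off += hdr_len
        code = code.rstrip(b"\x00")
        if code == b"ENDB":
            break
        yield code, data[off:off + size]
        off += size


def triage(data: bytes) -> dict:
    """Summarise what a reviewer should look at before allowing execution."""
    raw = decompress_blend(data)
    _, _, version = parse_header(raw)
    text_blocks, hits = 0, set()
    for code, payload in iter_blocks(raw):
        if code == b"TX":
            text_blocks += 1
        low = payload.lower()
        hits.update(t.decode() for t in SUSPICIOUS_TOKENS if t.lower() in low)
    return {
        "version": version,
        "text_blocks": text_blocks,
        "suspicious_tokens": sorted(hits),
        "needs_review": text_blocks > 0 or bool(hits),
    }


def _block(code: bytes, payload: bytes) -> bytes:
    """Pack one little-endian, 64-bit-pointer file block for the constructed samples."""
    return struct.pack("<4siQii", code, len(payload), 0, 0, 1) + payload


def build_sample_blend() -> bytes:
    """Constructed stand-in for a hostile file: one Text datablock plus a DATA block
    carrying a downloader-style line. Not a real sample from the campaign."""
    script = b"import urllib.request, subprocess\nsubprocess.Popen(['powershell', '-enc', '<payload>'])\n"
    return (b"BLENDER-v404" + _block(b"TX\x00\x00", b"\x00" * 32)
            + _block(b"DATA", script) + _block(b"ENDB", b""))


def build_clean_blend() -> bytes:
    """Constructed benign file: an object block and no Text datablocks."""
    return b"BLENDER-v404" + _block(b"OB\x00\x00", b"\x00" * 16) + _block(b"ENDB", b"")


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_blend()
    print(json.dumps(triage(blob), indent=2))
```

Run it as `python triage_blend.py model.blend` on a downloaded file, or with no argument to see the result on the constructed hostile sample. A `text_blocks` count above zero is the cue to open the file with auto-run disabled and read the script in Blender's Text Editor before deciding anything; the token hits only tell you where to look first.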
The persistent innovation in malware delivery, seen here in weaponized Blender files, mirrors other recent threats designed to evade detection. Attackers keep finding new carriers for the same end goal of running code on the victim's machine.
For instance, the Matrix Push C2 platform takes a fileless approach, abusing browser push notifications to deliver cross-platform phishing lures. Because nothing is written to disk until the victim acts, controls that look for a dropped file have nothing to inspect.
Such diverse and evolving tactics, from scripts embedded in 3D assets to browser notification schemes, show how quickly the delivery layer changes while the payloads stay familiar. Vigilance remains essential for users and organizations alike.
Recent analysis of the Matrix Push C2 platform offers further insight into how these fileless vectors bypass conventional defenses and into current cybercriminal methodologies.

