Another open source platform is being abused for malware
- Russian hackers exploit Blender’s Auto Run feature to deliver StealC infostealer via .blend files
- Malware deployed through CGTrader assets, pulling payloads from Cloudflare Workers domains
- StealC variant targets browsers, crypto wallets, chat apps, and VPN clients undetected
Blender has a convenient but risky feature which experts have found is being exploited by Russian hackers to deliver infostealer malware.
Cybersecurity researchers Morphisec observed the attacks in the wild and urged designers and other professionals to be vigilant.
Blender is a widely used open source 3D creation suite popular among artists, animators, game developers, and studios for everything from modeling and rendering to visual effects. There is also CGTrader, a marketplace where 3D artists and designers can buy, sell, and share user-generated models and assets for their projects.
Significant impact
Now, Morphisec says it saw Russia-linked cybercriminals upload .blend files with embedded Python code onto CGTrader.
The code pulls a malware loader from a Cloudflare Workers domain which, in turn, pulls two ZIP archives. These deploy two payloads, including a StealC infostealer and an auxiliary Python stealer, likely as a fallback.
Obviously, the Python code needs to be triggered. That is where the “convenient, but risky” feature comes in. It is called Auto Run, and if it is enabled, when a user opens a character rig, the script automatically loads the facial controls and custom UI panels and, consequently, triggers the malware deployment process.
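As a triage aid for the .blend files with embedded Python described above, this added example (not from Morphisec or the original article) counts embedded Text datablocks by walking the file's block headers. It assumes the legacy 12-byte `BLENDER` header layout, handles gzip-compressed saves and rejects anything else; the function name and the sample bytes are constructed for illustration.

```python
import gzip
import struct

def count_text_blocks(blob: bytes) -> int:
    """Count embedded Text ('TX') datablocks in a legacy-header .blend image."""
    if blob[:2] == b"\x1f\x8b":                 # gzip-compressed save
        blob = gzip.decompress(blob)
    if blob[:7] != b"BLENDER" or blob[7:8] not in (b"_", b"-") \
            or blob[8:9] not in (b"v", b"V"):
        raise ValueError("unsupported: not a legacy-header .blend (or zstd-compressed)")
    ptr_size = 4 if blob[7:8] == b"_" else 8    # '_' = 32-bit, '-' = 64-bit pointers
    endian = "<" if blob[8:9] == b"v" else ">"  # 'v' = little, 'V' = big endian
    head_len = 4 + 4 + ptr_size + 4 + 4         # code, size, old address, SDNA index, count
    pos, found = 12, 0                          # first block follows the 12-byte header
    while pos + head_len <= len(blob):
        code = blob[pos:pos + 4]
        (size,) = struct.unpack_from(endian + "i", blob, pos + 4)
        if code == b"ENDB":                     # end-of-file marker block
            return found
        if size < 0 or pos + head_len + size > len(blob):
            raise ValueError("truncated or corrupt block at offset %d" % pos)
        if code.strip(b"\0") == b"TX":          # Text datablock (holds script source)
            found += 1
        pos += head_len + size
    raise ValueError("missing ENDB block")

def _block(code: bytes, payload: bytes, ptr_size: int = 8) -> bytes:
    # Constructed framing only: zeroed old address, SDNA index 0, count 1.
    return (code.ljust(4, b"\0") + struct.pack("<i", len(payload))
            + bytes(ptr_size) + struct.pack("<ii", 0, 1) + payload)

# Constructed samples: block framing only, not files Blender could load.
SAMPLE_WITH_SCRIPT = (b"BLENDER-v293" + _block(b"OB", bytes(16))
                      + _block(b"TX", bytes(32)) + _block(b"DATA", b"print('hi')\n\0")
                      + _block(b"ENDB", b""))
SAMPLE_CLEAN = b"BLENDER-v293" + _block(b"OB", bytes(16)) + _block(b"ENDB", b"")

if __name__ == "__main__":
    for name, blob in (("with script", SAMPLE_WITH_SCRIPT), ("clean", SAMPLE_CLEAN)):
        print(name, count_text_blocks(blob))
```

A non-zero count is not a verdict, since legitimate rigs also embed scripts; it marks files to open only with Auto Run Python Scripts turned off in Blender's preferences, or with Blender started using `--disable-autoexec`.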
StealC is a popular infostealer that’s been around for years and was observed in numerous high-profile campaigns. It is also constantly in development, with newer versions getting better at persistence, stealth, and infostealing capabilities.
This latest variant, used in this campaign, can pull data from more than 20 browsers, more than 100 cryptocurrency wallet browser extensions, more than 15 cryptocurrency wallet apps, the majority of chat apps, as well as VPN clients.
Via BleepingComputer
Sead Fadilpašić is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.