Hackers Hijack Blender 3D Assets to Deploy StealC V2 Data-Stealing Malware

These articles are AI-generated summaries. Please check the original sources for full details.

Researchers discovered a campaign distributing the StealC V2 information stealer through compromised Blender 3D model files on platforms like CGTrader. The malicious files exploit Blender’s Auto Run feature to execute Python scripts, initiating the malware download and execution sequence.

Ideally, users vet every downloaded file, but in practice 3D artists often download assets from public repositories without thorough inspection. That gap lets attackers bypass security measures and compromise systems. StealC V2 can exfiltrate data from numerous sources, potentially costing victims significant financial and reputational damage.

Key Insights

  • StealC V2 supports data extraction from 23 browsers, 100 web plugins, and 15 crypto wallets (Morphisec, 2025).
  • Blender’s Auto Run feature, while convenient for automation, presents a significant security risk because it executes Python scripts embedded in a file.
  • Attackers are increasingly targeting creative software like Blender to distribute malware; because such software requires a GPU, these files bypass traditional security sandboxes.

Practical Applications

  • Use Case: Game development studios relying on asset marketplaces are vulnerable to supply chain attacks via compromised 3D models.
  • Pitfall: Enabling Blender’s Auto Run feature without verifying file sources can lead to immediate malware infection.
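
A pre-open triage check for the Auto Run risk described above, as an added example that is not from the original article or from Morphisec: it walks the block headers of a .blend file and counts embedded Text datablocks (block code `TX`), which is where bundled Python scripts are stored. It assumes the legacy 12-byte `BLENDER` header and block layout; `triage_blend` and `build_sample_blend` are hypothetical names, and the sample file is constructed.

```python
import gzip
import struct

def build_sample_blend(codes):
    """Constructed sample: minimal legacy .blend (64-bit, little-endian), no real data."""
    out = b"BLENDER-v293"
    for code in codes:
        out += struct.pack("<4siQii", code, 8, 0, 0, 1) + b"\x00" * 8
    return out + struct.pack("<4siQii", b"ENDB", 0, 0, 0, 0)

def triage_blend(data):
    """Walk the block headers of a legacy .blend and count embedded Text ('TX') blocks."""
    if data[:2] == b"\x1f\x8b":               # gzip-compressed .blend
        data = gzip.decompress(data)
    elif data[:4] == b"\x28\xb5\x2f\xfd":     # zstd-compressed: decompress externally first
        return {"status": "zstd-compressed, not inspected"}
    if len(data) < 12 or data[:7] != b"BLENDER":
        return {"status": "not a .blend file"}
    ptr, endian = data[7:8], data[8:9]
    if ptr not in (b"_", b"-") or endian not in (b"v", b"V"):
        return {"status": "unsupported header layout, not inspected"}
    # Block header: code[4], size int32, old pointer (4 or 8 bytes), SDNA index, count
    fmt = ("<" if endian == b"v" else ">") + "4si" + ("I" if ptr == b"_" else "Q") + "ii"
    head = struct.Struct(fmt)
    counts, pos, ended = {}, 12, False
    while pos + head.size <= len(data):
        code, size, _addr, _sdna, _count = head.unpack_from(data, pos)
        code = code.rstrip(b"\x00").decode("ascii", "replace")
        if code == "ENDB":
            ended = True
            break
        if size < 0:
            return {"status": "corrupt block size"}
        counts[code] = counts.get(code, 0) + 1
        pos += head.size + size
    text_blocks = counts.get("TX", 0)
    return {
        "status": "ok" if ended else "truncated",
        "version": data[9:12].decode("ascii", "replace"),
        "blocks": counts,
        "embedded_text_blocks": text_blocks,
        # A triage signal, not a verdict: any embedded script warrants review before opening.
        "needs_review": text_blocks > 0 or not ended,
    }

if __name__ == "__main__":
    sample = build_sample_blend([b"OB", b"TX", b"DATA"])   # constructed input
    print(triage_blend(sample))
```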
