Russia-linked threat actors have been using trojanized .blend files on CGTrader and other platforms to facilitate the distribution of the StealC V2 information-stealing malware as part of an attack campaign that has been ongoing for at least six months, according to Infosecurity Magazine.Opening the files downloaded as routine 3D assets using Blender's Auto Run feature enabled the execution of a tampered Rig_Ui.py script that retrieved a loader that downloaded a PowerShell and a pair of ZIP archives with Python-based stealers, a report from Morphisec showed. Extraction of the archives, which had components for persistence, eventually leads to the deployment of StealC V2, which has been updated to pilfer data from more than two dozen browsers and over 15 desktop wallets, as well as more than 100 plugins and various messaging, mail, and VPN apps.Such an attack campaign, which was thwarted by Morphisec using its deception-based protection platform, was noted to be similar to a previous campaign against Albion Online players that involved Electronic Frontier Foundation spoofing.
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
Related Terms
AdwareYou can skip this ad in 5 seconds




