Malware

Illicit Blender 3D files tapped to deliver StealC V2 infostealer

Russia-linked threat actors have been using trojanized .blend files on CGTrader and other platforms to facilitate the distribution of the StealC V2 information-stealing malware as part of an attack campaign that has been ongoing for at least six months, according to Infosecurity Magazine.

Opening the files downloaded as routine 3D assets using Blender's Auto Run feature enabled the execution of a tampered Rig_Ui.py script that retrieved a loader that downloaded a PowerShell and a pair of ZIP archives with Python-based stealers, a report from Morphisec showed. Extraction of the archives, which had components for persistence, eventually leads to the deployment of StealC V2, which has been updated to pilfer data from more than two dozen browsers and over 15 desktop wallets, as well as more than 100 plugins and various messaging, mail, and VPN apps.

Such an attack campaign, which was thwarted by Morphisec using its deception-based protection platform, was noted to be similar to a previous campaign against Albion Online players that involved Electronic Frontier Foundation spoofing.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

Related Terms

Adware

You can skip this ad in 5 seconds