StealC V2 Spread via Malicious Blender Files on 3D Sites

Cyber Security News by CyberSum.net
Cybersecurity researchers have uncovered a campaign distributing StealC V2 through weaponized Blender files on 3D model sites like CGTrader. The attack exploits Blender’s ability to run hidden Python scripts, leading to a multistage infection. The malware targets various browsers, plugins, wallets, and messaging clients, with indicators of compromise including malicious .blend files and payload retrieval through workers.dev domains. Morphisec’s deception-based protection platform successfully blocked the campaign by injecting decoy credentials.
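
For triaging a downloaded .blend file before opening it, the sketch below (an added example, not code from the article or from Morphisec) walks the file's block list and reports URLs and download/execute markers found in embedded Text datablocks. It assumes an uncompressed file with the legacy 12-byte header and rejects anything else; the marker list, the helper names and the sample file are constructed for illustration.

```python
import re
import struct

URL_RE = re.compile(rb"https?://[\w.\-]+[^\s\"'\x00]*")
# Heuristic markers (assumption): workers.dev is named in the article, the
# rest are common Python download/execute primitives worth a second look.
MARKER_RE = re.compile(rb"workers\.dev|urllib|subprocess|base64|exec\(", re.I)

def iter_blocks(data):
    """Yield (code, payload) for each block of a legacy-layout .blend file."""
    if len(data) < 12 or data[:7] != b"BLENDER" or data[7:8] not in b"_-":
        raise ValueError("not an uncompressed legacy .blend file")
    ptr_fmt = "Q" if data[7:8] == b"-" else "I"     # '-' = 8-byte pointers
    order = "<" if data[8:9] == b"v" else ">"       # 'v' = little endian
    head = struct.Struct(f"{order}4si{ptr_fmt}ii")  # code,size,addr,sdna,count
    off = 12
    while off + head.size <= len(data):
        code, size, _addr, _sdna, _count = head.unpack_from(data, off)
        off += head.size
        if code == b"ENDB" or size < 0:
            return
        yield code.rstrip(b"\0"), data[off:off + size]
        off += size

def scan_blend(data):
    """Return one finding dict per embedded Text (TX) datablock."""
    findings, cur = [], None
    for code, payload in iter_blocks(data):
        if code == b"TX":
            cur = {"urls": set(), "markers": set()}
            findings.append(cur)
        elif code == b"DATA" and cur is not None:
            # Heuristic: DATA blocks written right after a TX block hold its lines.
            cur["urls"] |= {m.group().decode("latin-1") for m in URL_RE.finditer(payload)}
            cur["markers"] |= {m.group().lower().decode() for m in MARKER_RE.finditer(payload)}
        else:
            cur = None
    return findings

def build_sample():
    """Constructed test input: header, one TX block, one DATA block, ENDB."""
    def block(code, body):
        return struct.pack("<4siQii", code, len(body), 0, 0, 1) + body
    script = b"import urllib.request\nu='https://constructed-example.workers.dev/a'\n\0"
    return b"BLENDER-v405" + block(b"TX\0\0", b"\0" * 16) + block(b"DATA", script) + block(b"ENDB", b"")

if __name__ == "__main__":
    for i, f in enumerate(scan_blend(build_sample())):
        print(i, sorted(f["urls"]), sorted(f["markers"]))
```

A non-empty result means the file carries script text that references the network or process execution and should be reviewed with Blender's "Auto Run Python Scripts" preference left disabled.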