Hackers Hijack Blender 3D Assets to Deploy StealC V2 Data-Stealing Malware

Cybersecurity researchers have discovered an ongoing campaign active for at least six months that leverages malicious Blender Foundation files to deliver StealC V2 information stealer malware. The attack involves implanting malicious .blend files on platforms like CGTrader, where users unknowingly download and execute the compromised 3D assets. This supply chain attack targets the 3D modeling and animation community through trusted file-sharing platforms. The campaign represents a novel attack vector using legitimate creative software files as delivery mechanisms for data-stealing malware.