Russian-Linked StealC V2 Campaign Using Trusted Creative Platforms to Evade Detection: What You Need to Know
ID: 0bd2731c-22ee-5fc6-85f2-1d746e3f7598
STIX ID: report--0bd2731c-22ee-5fc6-85f2-1d746e3f7598
Feed Name: Morphisec Blog
Morphisec Threat Labs uncovered and stopped a Russian-linked StealC V2 campaign that delivered malicious Python code embedded in Blender .blend files hosted on legitimate 3D marketplaces. When a victim opened one of these files in Blender with the Auto Run Python Scripts option enabled, the embedded script executed a memory-resident loader that harvested browser credentials, VPN and corporate logins, crypto wallets, cloud and MFA tokens, and messaging data. The campaign relies on fileless, in-memory techniques and modular Pyramid C2 infrastructure to evade EDR and AV. It highlights creative tools and design workflows as a growing attack surface, and it prompts recommendations for pre-execution prevention and for expanding cyber risk mapping to cover R&D and design teams.