Morphisec Thwarts Russian-Linked StealC V2 Campaign Targeting Blender Users via Malicious .blend Files
ID: 5f332398-69bb-5470-9ed7-c30349948aa4
STIX ID: report--5f332398-69bb-5470-9ed7-c30349948aa4
Feed Name: Morphisec Blog
Morphisec documents an active six-month campaign delivering the StealC V2 infostealer through weaponized Blender .blend files on public 3D asset sites; the attack chain uses embedded Python to fetch a loader, a PowerShell stage to retrieve ZIP archives that deploy Python stealers and persistence mechanisms, and Pyramid C2 for encrypted payload delivery. The report provides extensive IOCs (IPs, URLs, file hashes), details StealC V2 capabilities and low AV detection rates, attributes patterns to Russian-speaking actors, and describes how Morphisec’s prevention technology intervenes.
