Blender Creators, Watch Out For Malware Hidden In Fake Commission Requests

The incident was first reported by Reddit user Dry_Hunt_2536, a creator on Superhive (formerly known as Blender Market). They received a message that closely resembled a legitimate commission request: polite, detailed, and complete with sample references.

However, the attached file immediately raised suspicion due to its odd naming. Acting cautiously, the artist disabled the Auto Run Python Scripts setting in Blender's preferences before opening the .blend file. What appeared to be a standard animation toolkit turned out to be disguised malware. "After inspecting, I found it opens the Command Prompt and makes requests to its own server. It's completely separate code from the blender add-on's stuff and is even titled 'run_main_script,' so it couldn't be any more obvious that it's malware," commented the artist.

While it's common advice to stay cautious online, as noted by Dry_Hunt_2536, this scam has the potential to easily trick people. The message seemed completely legitimate, even the script inside the file appeared normal until the artist took a closer look.

Three things raised red flags for Dry_Hunt_2536: First, the message didn't mention their name, which suggested it could be sent to many people. Second, the file name seemed strange. Third, the message came through a platform where they don't usually receive commission requests.

At least four people in the replies to the original post confirmed they received similar messages, though from different usernames.

Stay alert, share this with your fellow creators, and join our 80 Level Talent platform and our new Discord server, follow us on Instagram, Twitter, LinkedIn, Telegram, TikTok, and Threads, where we share breakdowns, the latest news, awesome artworks, and more.