Warning: Malware Discovered In Blender File Circulating Online

A case of disguised malware embedded in a .blend file has been reported on Reddit by 3D Artist Haikal Shakyl, also known as LordCinn, and confirmed by several other artists in the thread. The file is being shared across platforms such as Discord, Gmail, and Fiverr, though it's likely not limited to these, scam messages are also commonly reported on ArtStation.

The malware is hidden in a .blend file named with random letters and often poses as a request for services. If Auto Run Python Scripts is enabled in your Blender's User Preferences, opening the file will immediately execute a malicious script. If auto-run is disabled, Blender will prompt you before executing any embedded scripts.

"The file isn't totally blank, I opened it in a VM and saw that it had a free chair model. Soon after that, my VM started to auto shut down and open "bad things" through my browser. The script seems to be hidden inside what seems to be a version of the Rigify add-on", shared Haikal.

Ultimately, it doesn't matter that it was a chair model, the malware could exist in any Blender file. The simplest way to protect yourself, of course, would be to completely disable Auto Run Python Scripts in Blender's preferences. This malware is likely an information stealer, so if you've opened the infected file, it's strongly recommended that you change all your passwords immediately and perform a full factory reset of your system.

Stay alert, learn more here, and join our 80 Level Talent platform and our new Discord server, follow us on Instagram, Twitter, LinkedIn, Telegram, TikTok, and Threads, where we share breakdowns, the latest news, awesome artworks, and more.