{"id":27851,"date":"2025-06-06T17:38:47","date_gmt":"2025-06-06T15:38:47","guid":{"rendered":"https:\/\/tinextadefence.it\/?p=27851"},"modified":"2025-06-10T10:02:17","modified_gmt":"2025-06-10T08:02:17","slug":"blender-files-as-a-new-malware-vector","status":"publish","type":"post","link":"https:\/\/tinextadefence.it\/en\/blender-files-as-a-new-malware-vector\/","title":{"rendered":"Blender files as a new malware vector"},"content":{"rendered":"<p><span data-contrast=\"auto\">Our <\/span><b><span data-contrast=\"auto\">Malware Lab<\/span><\/b><span data-contrast=\"auto\"> conducted a priority analysis on a new malware distribution vector targeting users of <\/span><b><span data-contrast=\"auto\">Blender<\/span><\/b><span data-contrast=\"auto\">by exploiting the inclusion of Python scripts within <\/span><b><span data-contrast=\"auto\">Blender project files<\/span><\/b><span data-contrast=\"auto\">.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">Attention was initially raised by a report published in the Blender subreddit. After contacting the author of the post, it was possible to acquire a sample of the file involved, which was allegedly disseminated via Fiverr, one of the main platforms for freelance work.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">The analysis revealed a sophisticated, multi-stage attack chain, which exploits Blender's default 'Auto Run Python Scripts' enabled functionality to distribute and execute malware, and as the initial infection vector a <\/span><b><span data-contrast=\"auto\">3D model <\/span><\/b><span data-contrast=\"auto\">of Blender<\/span><span data-contrast=\"auto\"> seemingly harmless.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">A preliminary search showed that there were no references to the file in VirusTotal's databases, nor were there any detections by the main antivirus engines.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">Although similar reports have surfaced in the past, to date there has been a lack of technical analysis that fully reconstructs the attack chain associated with compromised Blender files. For this reason, the analysis and drafting of this report was given top priority by the team, with the aim of filling an information gap and providing the technical and scientific community with timely input.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<p>If you wish to learn more, here is the link to our\u00a0<a href=\"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/06\/Report_Blender_files_as_a_new_malware_vector.pdf\"><b>full report<\/b><\/a>.<\/p>\n<p><span data-contrast=\"none\">In addition, you can subscribe to the specific mailing list <b>Cyber Studios by Tinexta Defence<\/b>, to receive updates on upcoming research: <\/span><a href=\"https:\/\/tinextadefence.it\/en\/cyber-studios-mailing-list\/\"><span data-contrast=\"none\">https:\/\/tinextadefence.it\/mailing-list-cyber-studios\/<\/span><\/a><\/p>","protected":false},"excerpt":{"rendered":"<p>Our Malware Lab conducted a priority analysis on a new malware distribution vector targeting Blender users, exploiting the inclusion of Python scripts within Blender project files.  Attention was initially raised by a report published in the Blender subreddit. After contacting the author of the post, it [...]<\/p>","protected":false},"author":7,"featured_media":27853,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[102],"tags":[],"class_list":["post-27851","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-tinextadefencebusiness"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v25.8 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Blender files as a new malware vector - Tinexta Defence<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/tinextadefence.it\/en\/blender-files-as-a-new-malware-vector\/\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Blender files as a new malware vector - Tinexta Defence\" \/>\n<meta property=\"og:description\" content=\"Il nostro Malware Lab ha condotto un\u2019analisi prioritaria su un nuovo vettore di distribuzione malware che prende di mira gli utenti di Blender, sfruttando l\u2019inclusione di script Python all\u2019interno di file di progetto di Blender.\u00a0 L\u2019attenzione \u00e8 stata inizialmente sollevata da una segnalazione pubblicata nel subreddit di Blender. Dopo aver contattato l\u2019autore del post, \u00e8 [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/tinextadefence.it\/en\/blender-files-as-a-new-malware-vector\/\" \/>\n<meta property=\"og:site_name\" content=\"Tinexta Defence\" \/>\n<meta property=\"article:published_time\" content=\"2025-06-06T15:38:47+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-06-10T08:02:17+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/06\/Business_evidenza.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1800\" \/>\n\t<meta property=\"og:image:height\" content=\"960\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Federica Casadei\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Federica Casadei\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/tinextadefence.it\/blender-files-as-a-new-malware-vector\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/tinextadefence.it\/blender-files-as-a-new-malware-vector\/\"},\"author\":{\"name\":\"Federica Casadei\",\"@id\":\"https:\/\/tinextadefence.it\/#\/schema\/person\/0dc89f3eeaa8cd7b7c354b61c84d164d\"},\"headline\":\"Blender files as a new malware vector\",\"datePublished\":\"2025-06-06T15:38:47+00:00\",\"dateModified\":\"2025-06-10T08:02:17+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/tinextadefence.it\/blender-files-as-a-new-malware-vector\/\"},\"wordCount\":250,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/tinextadefence.it\/#organization\"},\"image\":{\"@id\":\"https:\/\/tinextadefence.it\/blender-files-as-a-new-malware-vector\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/06\/Business_evidenza.jpg\",\"articleSection\":[\"#TDefenceBusiness\"],\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/tinextadefence.it\/blender-files-as-a-new-malware-vector\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/tinextadefence.it\/blender-files-as-a-new-malware-vector\/\",\"url\":\"https:\/\/tinextadefence.it\/blender-files-as-a-new-malware-vector\/\",\"name\":\"Blender files as a new malware vector - Tinexta Defence\",\"isPartOf\":{\"@id\":\"https:\/\/tinextadefence.it\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/tinextadefence.it\/blender-files-as-a-new-malware-vector\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/tinextadefence.it\/blender-files-as-a-new-malware-vector\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/06\/Business_evidenza.jpg\",\"datePublished\":\"2025-06-06T15:38:47+00:00\",\"dateModified\":\"2025-06-10T08:02:17+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/tinextadefence.it\/blender-files-as-a-new-malware-vector\/#breadcrumb\"},\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/tinextadefence.it\/blender-files-as-a-new-malware-vector\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/tinextadefence.it\/blender-files-as-a-new-malware-vector\/#primaryimage\",\"url\":\"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/06\/Business_evidenza.jpg\",\"contentUrl\":\"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/06\/Business_evidenza.jpg\",\"width\":1800,\"height\":960},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/tinextadefence.it\/blender-files-as-a-new-malware-vector\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/tinextadefence.it\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Blender files as a new malware vector\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/tinextadefence.it\/#website\",\"url\":\"https:\/\/tinextadefence.it\/\",\"name\":\"Tinexta Defence\",\"description\":\"think next, protect now\",\"publisher\":{\"@id\":\"https:\/\/tinextadefence.it\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/tinextadefence.it\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/tinextadefence.it\/#organization\",\"name\":\"Tinexta Defence\",\"url\":\"https:\/\/tinextadefence.it\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/tinextadefence.it\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/03\/Tinexta_Defence_marchio.png\",\"contentUrl\":\"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/03\/Tinexta_Defence_marchio.png\",\"width\":2000,\"height\":990,\"caption\":\"Tinexta Defence\"},\"image\":{\"@id\":\"https:\/\/tinextadefence.it\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/tinextadefence.it\/#\/schema\/person\/0dc89f3eeaa8cd7b7c354b61c84d164d\",\"name\":\"Federica Casadei\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/tinextadefence.it\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/6b35becb35fb83a681c7b431c36de302b4101b5ef0c48984910308c04617428f?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/6b35becb35fb83a681c7b431c36de302b4101b5ef0c48984910308c04617428f?s=96&d=mm&r=g\",\"caption\":\"Federica Casadei\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Blender files as a new malware vector - Tinexta Defence","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/tinextadefence.it\/en\/blender-files-as-a-new-malware-vector\/","og_locale":"en_GB","og_type":"article","og_title":"Blender files as a new malware vector - Tinexta Defence","og_description":"Il nostro Malware Lab ha condotto un\u2019analisi prioritaria su un nuovo vettore di distribuzione malware che prende di mira gli utenti di Blender, sfruttando l\u2019inclusione di script Python all\u2019interno di file di progetto di Blender.\u00a0 L\u2019attenzione \u00e8 stata inizialmente sollevata da una segnalazione pubblicata nel subreddit di Blender. Dopo aver contattato l\u2019autore del post, \u00e8 [&hellip;]","og_url":"https:\/\/tinextadefence.it\/en\/blender-files-as-a-new-malware-vector\/","og_site_name":"Tinexta Defence","article_published_time":"2025-06-06T15:38:47+00:00","article_modified_time":"2025-06-10T08:02:17+00:00","og_image":[{"width":1800,"height":960,"url":"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/06\/Business_evidenza.jpg","type":"image\/jpeg"}],"author":"Federica Casadei","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Federica Casadei","Estimated reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/tinextadefence.it\/blender-files-as-a-new-malware-vector\/#article","isPartOf":{"@id":"https:\/\/tinextadefence.it\/blender-files-as-a-new-malware-vector\/"},"author":{"name":"Federica Casadei","@id":"https:\/\/tinextadefence.it\/#\/schema\/person\/0dc89f3eeaa8cd7b7c354b61c84d164d"},"headline":"Blender files as a new malware vector","datePublished":"2025-06-06T15:38:47+00:00","dateModified":"2025-06-10T08:02:17+00:00","mainEntityOfPage":{"@id":"https:\/\/tinextadefence.it\/blender-files-as-a-new-malware-vector\/"},"wordCount":250,"commentCount":0,"publisher":{"@id":"https:\/\/tinextadefence.it\/#organization"},"image":{"@id":"https:\/\/tinextadefence.it\/blender-files-as-a-new-malware-vector\/#primaryimage"},"thumbnailUrl":"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/06\/Business_evidenza.jpg","articleSection":["#TDefenceBusiness"],"inLanguage":"en-GB","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/tinextadefence.it\/blender-files-as-a-new-malware-vector\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/tinextadefence.it\/blender-files-as-a-new-malware-vector\/","url":"https:\/\/tinextadefence.it\/blender-files-as-a-new-malware-vector\/","name":"Blender files as a new malware vector - Tinexta Defence","isPartOf":{"@id":"https:\/\/tinextadefence.it\/#website"},"primaryImageOfPage":{"@id":"https:\/\/tinextadefence.it\/blender-files-as-a-new-malware-vector\/#primaryimage"},"image":{"@id":"https:\/\/tinextadefence.it\/blender-files-as-a-new-malware-vector\/#primaryimage"},"thumbnailUrl":"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/06\/Business_evidenza.jpg","datePublished":"2025-06-06T15:38:47+00:00","dateModified":"2025-06-10T08:02:17+00:00","breadcrumb":{"@id":"https:\/\/tinextadefence.it\/blender-files-as-a-new-malware-vector\/#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/tinextadefence.it\/blender-files-as-a-new-malware-vector\/"]}]},{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/tinextadefence.it\/blender-files-as-a-new-malware-vector\/#primaryimage","url":"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/06\/Business_evidenza.jpg","contentUrl":"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/06\/Business_evidenza.jpg","width":1800,"height":960},{"@type":"BreadcrumbList","@id":"https:\/\/tinextadefence.it\/blender-files-as-a-new-malware-vector\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/tinextadefence.it\/"},{"@type":"ListItem","position":2,"name":"Blender files as a new malware vector"}]},{"@type":"WebSite","@id":"https:\/\/tinextadefence.it\/#website","url":"https:\/\/tinextadefence.it\/","name":"Tinexta Defence","description":"think next, protect now","publisher":{"@id":"https:\/\/tinextadefence.it\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/tinextadefence.it\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":"Organization","@id":"https:\/\/tinextadefence.it\/#organization","name":"Tinexta Defence","url":"https:\/\/tinextadefence.it\/","logo":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/tinextadefence.it\/#\/schema\/logo\/image\/","url":"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/03\/Tinexta_Defence_marchio.png","contentUrl":"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/03\/Tinexta_Defence_marchio.png","width":2000,"height":990,"caption":"Tinexta Defence"},"image":{"@id":"https:\/\/tinextadefence.it\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/tinextadefence.it\/#\/schema\/person\/0dc89f3eeaa8cd7b7c354b61c84d164d","name":"Federica Casadei","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/tinextadefence.it\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/6b35becb35fb83a681c7b431c36de302b4101b5ef0c48984910308c04617428f?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/6b35becb35fb83a681c7b431c36de302b4101b5ef0c48984910308c04617428f?s=96&d=mm&r=g","caption":"Federica Casadei"}}]}},"_links":{"self":[{"href":"https:\/\/tinextadefence.it\/en\/wp-json\/wp\/v2\/posts\/27851","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/tinextadefence.it\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/tinextadefence.it\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/tinextadefence.it\/en\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/tinextadefence.it\/en\/wp-json\/wp\/v2\/comments?post=27851"}],"version-history":[{"count":0,"href":"https:\/\/tinextadefence.it\/en\/wp-json\/wp\/v2\/posts\/27851\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/tinextadefence.it\/en\/wp-json\/wp\/v2\/media\/27853"}],"wp:attachment":[{"href":"https:\/\/tinextadefence.it\/en\/wp-json\/wp\/v2\/media?parent=27851"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/tinextadefence.it\/en\/wp-json\/wp\/v2\/categories?post=27851"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/tinextadefence.it\/en\/wp-json\/wp\/v2\/tags?post=27851"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}