• There are reports of malware being spread through online 3D model sites.
• Aren’t 3D models mostly STL and 3MF files? They can’t really carry malware payloads, so how could this be happening?
• It turns out that some participants post .blend files, the native format of the popular open-source Blender 3D modeling system.
• By posting a .blend file, the user lets others directly edit the original 3D model, much like a CAD user can edit CAD files, whereas the corresponding STL file cannot easily be edited.

Article Summaries:

  • Reports indicate a growing malware campaign targeting online 3D-model repositories. Attackers upload .blend files (native to the open-source Blender software) that contain embedded Python scripts. When users download these files and have Blender’s “Auto-Run Python Scripts” option enabled, the malicious code executes automatically on file load, potentially compromising the user’s system. Hundreds of such files have been identified on sites like Printables, MakerWorld, and Thingiverse, prompting the Printables team to delete dozens of files and accounts. Security experts advise disabling the auto-run feature in Blender preferences and reviewing scripts before execution to mitigate the risk.
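As an added example (not from the article and not Blender’s own code), the triage helper below parses the classic .blend block layout and counts embedded Text datablocks, which is where scripts live inside a .blend file, so downloaded models can be screened before opening them with auto-run enabled. It assumes the pre-Blender-5.0 layout (12-byte header, then [code:4][size:i4][old pointer][SDNA index:i4][count:i4] blocks), handles gzip but not zstd compression, and a non-zero count means “review this file,” not “this file is malicious.”

```python
import gzip
import struct

TEXT_CODE = b"TX\x00\x00"  # ID code of Text datablocks (embedded scripts)

def scan_blend(data: bytes) -> dict:
    """Return the header version, block code sequence and Text-block count."""
    if data[:2] == b"\x1f\x8b":                  # gzip-compressed .blend
        data = gzip.decompress(data)
    if data[:7] != b"BLENDER" or data[7:8] not in (b"_", b"-"):
        raise ValueError("not a classic-layout .blend (or unsupported compression)")
    psize = 4 if data[7:8] == b"_" else 8        # '_' = 32-bit, '-' = 64-bit pointers
    end = "<" if data[8:9] == b"v" else ">"      # 'v' = little-endian, 'V' = big-endian
    hdr = struct.Struct(f"{end}4si{psize}sii")   # code, size, old pointer, sdna, count
    off, blocks, texts = 12, [], 0
    while off + hdr.size <= len(data):
        code, size, _ptr, _sdna, _count = hdr.unpack_from(data, off)
        blocks.append(code.rstrip(b"\x00").decode("ascii", "replace"))
        if code == b"ENDB":                      # end-of-file marker block
            break
        if code == TEXT_CODE:
            texts += 1
        off += hdr.size + size                   # skip the block payload
    return {"version": data[9:12].decode("ascii"), "blocks": blocks, "text_blocks": texts}

def build_sample(with_script: bool, compress: bool = False) -> bytes:
    """Constructed minimal 64-bit little-endian .blend for testing (not a real file)."""
    hdr = struct.Struct("<4si8sii")

    def block(code: bytes, payload: bytes) -> bytes:
        return hdr.pack(code, len(payload), b"\x00" * 8, 0, 1) + payload

    body = block(b"GLOB", b"\x00" * 16)
    if with_script:                              # a Text block plus its DATA payload
        body += block(TEXT_CODE, b"\x00" * 32) + block(b"DATA", b"print('hello')\n")
    body += block(b"DNA1", b"SDNA") + block(b"ENDB", b"")
    raw = b"BLENDER-v400" + body
    return gzip.compress(raw) if compress else raw

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        with open(path, "rb") as f:
            print(path, scan_blend(f.read()))
```

Run it as `python scan_blend.py model.blend`; a file with `text_blocks` above zero deserves a look in Blender’s Text Editor with auto-run disabled.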

Sources: