
There are reports of malware being spread through online 3D model sites.
How could this be? Aren’t 3D models mostly STL and 3MF files, which can’t really carry malware payloads? So how is this happening?
It turns out that some participants post .blend files, which are used by the popular Blender open-source 3D modeling system. By posting a .blend file, the user can directly edit the original 3D model, much like a CAD user could edit CAD files — but not easily edit the corresponding STL file.
That’s all great, except for one thing: apparently, you can run Python scripts in Blender. This allows for all kinds of added functionality, quite useful. But it also permits malware in Python code.
What appears to be happening is that bad actors are posting .blend files with attached Python scripts. If the downloader’s Blender system is set to automatically run Python scripts — something many people do for convenience — then the malware script runs and does whatever it does.
Several discussions on Reddit are looking at this issue, and it appears there were enormous numbers — hundreds — of these bad packages appearing on Printables, and certainly on other popular 3D model sites, too.
The Printables team has been made aware of these packages and has been deleting hundreds of files and accounts, which seem to be randomly generated.
So far, we haven’t heard of serious effects based on this approach, but when random code can run on your machine, obviously terrible things can happen. It’s in your best interest to prevent this from happening.
How do you do that? It’s pretty straightforward: in Blender, simply disable the “Auto Run Python Scripts” option in Blender Preferences. This means that even if you download these files accidentally, you are protected. Always check scripts in advance of running them!
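Because the auto-run risk comes from Python text blocks stored inside the .blend file itself, it helps to be able to see whether a downloaded file carries any before Blender ever opens it. The scanner below is an added example written for this article, not code from Blender or from any of the sites mentioned. It walks the .blend file's block table (the classic layout assumed here: a 12-byte "BLENDER" header giving pointer size, endianness and version, followed by block headers of code, size, old pointer, SDNA index and count) and counts datablocks with the ID code `TX`, which is how Blender stores embedded text/script data. It reads gzip-compressed files and refuses zstd-compressed ones (a caller would decompress those first). The sample file it builds is constructed for the demonstration; it is not a real model. Note the limits, also stated in the comments: a text block is not automatically malicious (it may be notes), and whether a text is marked "Register" for execution on load, or whether a driver carries a Python expression, cannot be told without parsing the file's DNA, so the result is a "review before enabling scripts" flag, not a verdict.

```python
"""Flag .blend files that carry embedded Text (script) datablocks.

Added example for review of downloaded models; assumes the classic
.blend layout (12-byte header, fixed-size block headers) used by
Blender 2.x/3.x files.
"""
import gzip
import struct
import sys
from dataclasses import dataclass, field

GZIP_MAGIC = b"\x1f\x8b"
ZSTD_MAGIC = b"\x28\xb5\x2f\xfd"
TEXT_ID_CODE = b"TX\x00\x00"   # ID code of a Blender Text datablock


@dataclass
class BlendReport:
    version: str                     # e.g. "300"
    pointer_size: int                # 4 or 8
    compressed: str = "none"         # "none" or "gzip"
    block_codes: dict = field(default_factory=dict)   # code -> count
    text_blocks: int = 0

    @property
    def has_embedded_scripts(self) -> bool:
        # Any Text datablock is worth a look; the "Register" flag and
        # Python driver expressions would need DNA parsing to resolve.
        return self.text_blocks > 0


def _decompress(data: bytes):
    if data.startswith(GZIP_MAGIC):
        return gzip.decompress(data), "gzip"
    if data.startswith(ZSTD_MAGIC):
        raise ValueError("zstd-compressed .blend: decompress before scanning")
    return data, "none"


def scan_blend_bytes(data: bytes) -> BlendReport:
    data, compression = _decompress(data)
    if len(data) < 12 or data[:7] != b"BLENDER":
        raise ValueError("not a .blend file (missing BLENDER header)")
    ptr_size = 8 if data[7:8] == b"-" else 4        # '-' = 8-byte, '_' = 4-byte
    endian = "<" if data[8:9] == b"v" else ">"      # 'v' = little, 'V' = big
    report = BlendReport(version=data[9:12].decode("ascii"),
                         pointer_size=ptr_size, compressed=compression)
    head_fmt = endian + "4si" + ("Q" if ptr_size == 8 else "I") + "ii"
    head_len = struct.calcsize(head_fmt)
    off = 12
    while off + head_len <= len(data):
        code, size, _old_ptr, _sdna_idx, _count = struct.unpack_from(head_fmt, data, off)
        off += head_len
        key = code.rstrip(b"\x00").decode("ascii", "replace")
        report.block_codes[key] = report.block_codes.get(key, 0) + 1
        if code == TEXT_ID_CODE:
            report.text_blocks += 1
        if code == b"ENDB":            # terminator block, size 0
            break
        if size < 0 or off + size > len(data):
            raise ValueError(f"truncated block {key!r} at offset {off}")
        off += size                    # skip the block payload
    return report


def scan_blend_file(path: str) -> BlendReport:
    with open(path, "rb") as fh:
        return scan_blend_bytes(fh.read())


def _block(code: bytes, payload: bytes) -> bytes:
    # Little-endian, 8-byte-pointer block header followed by its payload.
    return struct.pack("<4sIQii", code, len(payload), 0, 0, 1) + payload


def build_sample_blend(with_text: bool, gzipped: bool = False) -> bytes:
    """Constructed minimal .blend-shaped file for testing the scanner."""
    body = b"BLENDER-v300" + _block(b"REND", b"\x00" * 16) + _block(b"GLOB", b"\x00" * 8)
    if with_text:
        body += _block(TEXT_ID_CODE, b"\x00" * 32) + _block(b"DATA", b"print('hi')\x00")
    body += _block(b"DNA1", b"SDNA") + _block(b"ENDB", b"")
    return gzip.compress(body) if gzipped else body


if __name__ == "__main__":
    for path in sys.argv[1:]:
        rep = scan_blend_file(path)
        verdict = "REVIEW: embedded text blocks" if rep.has_embedded_scripts else "no text blocks"
        print(f"{path}: v{rep.version}, {rep.text_blocks} TX block(s), {verdict}")
```

Run it as `python scan_blend.py model.blend` on a downloaded file before opening it in Blender; a non-zero TX count means the file carries text data that should be read in Blender's Text Editor with scripts disabled. The complementary check inside Blender itself is the preference the article refers to, exposed to the Python console as `bpy.context.preferences.filepaths.use_scripts_auto_execute`, which should read `False`; Blender can also be started with `--disable-autoexec` so that a file's registered scripts are not run regardless of the saved preference.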
One more thing: while the discussions mention Printables, this attack approach is entirely usable on ANY 3D model upload site. That means that with Blender files obtained from MakerWorld, MakerOnline, Creality Cloud, Thingiverse, or anywhere else, you MUST watch out for this problem.
Via Reddit
