If you often download *.blend files from the Internet and open them in Blender on your computer, be sure to check right now whether the automatic script execution mode is disabled in your Blender settings! To do this, open the “Preferences” area, switch to the “Save and Load” tab and in the “Auto Run Python Scripts” section, make sure that the checkbox is unchecked. If this checkbox is checked, be sure to uncheck it and save the settings!
When the “Auto Run Python Scripts” checkbox in the Blender settings is checked, this means that when you open any *.blend file, if this file contains Python scripts, they will be executed immediately.
What problems can enabling this setting lead to?
Quite recently, all users of SuperHive (the new name of Blender Market) received the following letter.
It says that its author has supposedly studied the products you offer on SuperHive, liked them, and wants to offer you a job. As an example of the kind of work he needs, he invites you to download a *.blend file from the attached link.
The link really does download a Blender project file: not a script and not an executable, which a cautious user might otherwise notice immediately.
What happens if you download the offered file and open it? You will not see anything unusual. But… !
The downloaded *.blend file contains a Python script with the following content:
And if you have the “Auto Run Python Scripts” checkbox enabled, it will be automatically executed.
This script downloads another file from the Internet, packed into an archive. The archive is unpacked into a temporary directory. The script then creates a shortcut (a link to the unpacked file) and, using PowerShell, places it in the system startup directory, so the file downloaded by the script is launched automatically every time you restart your computer. Finally, the script sends a message containing your computer's IP address to a private Telegram channel.
Obviously, this is typical malware behavior. The owner of that channel, having received your IP, will have direct access to your computer through the downloaded file and the ability to perform any actions on it, from stealing your credit card data to sending spam and mining cryptocurrency on your hardware.
It should be noted once again that the script runs in the background, in a separate process, so you will not notice anything at all.
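Because the script lives inside the *.blend file itself, a file can be checked for embedded scripts without ever opening it in Blender. The triage tool below is an added example written for this post (it is not code from the original article or from Blender): it walks the file-block table of a *.blend and flags Text datablocks (block code "TX"), which is where a *.blend stores the Python texts that the "Auto Run Python Scripts" option would execute on load. It assumes the classic 12-byte "BLENDER" header used by Blender 2.x through 4.4 and handles gzip-wrapped files with the standard library; zstd-wrapped files (Blender 3.0 and later) need the third-party `zstandard` module. The two sample files at the bottom are constructed byte strings, not real Blender output, so the script runs offline.

```python
"""Offline triage of a *.blend file before opening it in Blender.

Walks the file-block table and reports which datablock types the file carries,
flagging Text datablocks (block code "TX"): that is where a .blend keeps the
Python scripts that Blender's "Auto Run Python Scripts" option would execute
on load.  Added example for this post; not code from the article or from Blender.
"""
import gzip
import io
import struct
import sys
from collections import Counter

GZIP_MAGIC = b"\x1f\x8b"
ZSTD_MAGIC = b"\x28\xb5\x2f\xfd"


def decompress_blend(data: bytes) -> bytes:
    """Return raw bytes; Blender may wrap a .blend in gzip (pre-3.0) or zstd (3.0+)."""
    if data.startswith(GZIP_MAGIC):
        return gzip.decompress(data)
    if data.startswith(ZSTD_MAGIC):
        try:
            import zstandard  # third-party module, only needed for zstd-compressed files
        except ImportError as exc:
            raise RuntimeError("zstd-compressed .blend: install 'zstandard' to inspect it") from exc
        return zstandard.ZstdDecompressor().stream_reader(io.BytesIO(data)).read()
    return data


def read_header(raw: bytes) -> dict:
    """Parse the classic 12-byte header: 'BLENDER', pointer size, endianness, version."""
    if len(raw) < 12 or raw[:7] != b"BLENDER":
        raise ValueError("not a .blend file (missing BLENDER magic)")
    ptr_char, endian_char = chr(raw[7]), chr(raw[8])
    if ptr_char not in "_-" or endian_char not in "vV":
        raise ValueError("unrecognised .blend header variant")
    prefix = "<" if endian_char == "v" else ">"   # 'v' = little-endian, 'V' = big-endian
    ptr_fmt = "I" if ptr_char == "_" else "Q"     # '_' = 4-byte pointers, '-' = 8-byte pointers
    return {
        "version": raw[9:12].decode("ascii", "replace"),
        # block header: code[4], payload size int32, old pointer, SDNA index int32, count int32
        "block_fmt": prefix + "4si" + ptr_fmt + "ii",
    }


def iter_blocks(raw: bytes):
    """Yield (code, payload_size, count) for every file block up to and including ENDB."""
    fmt = read_header(raw)["block_fmt"]
    hdr_len = struct.calcsize(fmt)
    pos = 12
    while pos + hdr_len <= len(raw):
        code, size, _old_addr, _sdna_index, count = struct.unpack_from(fmt, raw, pos)
        code = code.rstrip(b"\x00").decode("ascii", "replace")
        yield code, size, count
        if code == "ENDB":
            return
        pos += hdr_len + size
    raise ValueError("truncated .blend: no ENDB block found")


def triage(data: bytes) -> dict:
    """Summarise block types and flag embedded Text datablocks."""
    raw = decompress_blend(data)
    counts = Counter(code for code, _size, _count in iter_blocks(raw))
    text_blocks = counts.get("TX", 0)
    verdict = ("contains %d embedded Text datablock(s): open only with auto-run disabled"
               % text_blocks) if text_blocks else "no embedded Text datablocks"
    return {
        "version": read_header(raw)["version"],
        "blocks": dict(counts),
        "text_blocks": text_blocks,
        "verdict": verdict,
    }


# --- constructed sample files (not real Blender output) so the script runs offline ---
def _block(code: bytes, payload: bytes, count: int = 1) -> bytes:
    """Build one file block in the 8-byte-pointer, little-endian layout ('-', 'v')."""
    return struct.pack("<4siQii", code, len(payload), 0xDEADBEEF, 0, count) + payload


SAMPLE_WITH_SCRIPT = (
    b"BLENDER-v302"
    + _block(b"GLOB", bytes(8))
    + _block(b"OB\0\0", bytes(16))                          # an object datablock
    + _block(b"TX\0\0", b"TXstartup.py".ljust(32, b"\0"))   # a Text datablock (script holder)
    + _block(b"DATA", b"import os\n")                       # its text lines follow as DATA blocks
    + _block(b"ENDB", b"")
)
SAMPLE_CLEAN = b"BLENDER-v302" + _block(b"GLOB", bytes(8)) + _block(b"OB\0\0", bytes(16)) + _block(b"ENDB", b"")
SAMPLE_GZIPPED = gzip.compress(SAMPLE_WITH_SCRIPT)           # the same file as Blender's gzip wrapping

if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_WITH_SCRIPT
    for key, value in triage(blob).items():
        print(f"{key}: {value}")
```

Run it as `python blend_triage.py suspicious.blend`. A file with no TX blocks has no embedded texts for auto-run to execute; a file that does have them deserves to be opened with auto-run off, for example by launching `blender -Y suspicious.blend` (`-Y`/`--disable-autoexec`) regardless of the saved preference. The tool does not read the per-text "Register" flag or the text contents (that would need parsing the file's DNA), so it tells you that scripts are present, not what they do.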
To protect yourself from such traps, be sure to go to the Blender settings and uncheck the “Auto Run Python Scripts” checkbox!
This does not guarantee 100% protection (for example, you could still run a malicious script manually by accident), but it significantly reduces the risk that a malicious script is launched in Blender without your knowledge.
What to do if you still need to keep this checkbox enabled?
If you receive many files from trusted partners that nevertheless require their embedded scripts to run on load, you can at least set up excluded directories.
If you open a *.blend file from such a directory, the embedded scripts will not be executed automatically.
To create such an exclusion, click the plus sign to the right of the frame under the “Auto Run Python Scripts” checkbox. In the field that appears, enter the path of the directory where you will put unverified *.blend files downloaded from the Internet. Keep projects from trusted partners in a different directory. Do not forget to save the settings.
This way, scripts will not be launched automatically when you open randomly downloaded *.blend files, while you can work with trusted projects as before.