"avatar_id": "sha256:7a8f...", "allowed_blendshape_modes": ["arkit_52", "live2d_free"], "runtime_attestation": "required", "third_party_plugins": ["approved_list"]
This paper assumes covered the initial discovery of a vulnerability in a Virtual YouTuber (VTuber) motion capture pipeline (e.g., unsecured WebSocket for tracking data). Append.2 focuses on the forensic analysis, the second-stage attack vector (supply chain), and mitigation. VTubeR Hack: Append.2 – Supply Chain Injection & Persistent Avatar Manipulation Author: [Redacted Security Research Group] Date: April 14, 2026 Classification: Technical Disclosure / Post-Incident Analysis Abstract Following the initial breach documented in VTubeR Hack: Append.1 (unauthenticated MoCap data injection), Append.2 investigates a secondary, more sophisticated attack vector. This paper demonstrates how an adversary compromised a third-party VTuber asset store and deployed a malicious blendshape modifier within a popular avatar file ( .vrm , .vsfavatar ). The attack bypassed standard runtime authentication by modifying the avatar’s expression mapping at the shader level, enabling real-time lip-sync spoofing and unauthorized gesture injection across streaming platforms (YouTube, Twitch, Bilibili). We present a forensic breakdown of the payload, its persistence mechanism, and a zero-trust framework for VTuber pipelines. 1. Introduction The VTuber ecosystem relies on a complex chain: motion capture (face/body) → tracking software (e.g., VSeeFace, VTube Studio, Warudo) → real-time rendering → streaming encoder. Append.1 addressed unencrypted UDP streams. Append.2 reveals that even with encrypted streams, the avatar asset itself can be weaponized. vtuber hack:append.2
// Reverse-engineered snippet void LateUpdate() if (attackActive) float[] overrideValues = DecodeBlendshapePayload(); for (int i = 0; i < blendShapeCount; i++) float original = skinnedMesh.GetBlendShapeWeight(i); float malicious = overrideValues[i]; skinnedMesh.SetBlendShapeWeight(i, Mathf.Lerp(original, malicious, 0.9f)); "avatar_id": "sha256:7a8f