Following the initial breach documented in VTubeR Hack: Append.1 (unauthenticated MoCap data injection), investigates a secondary, more sophisticated attack vector. This paper demonstrates how an adversary compromised a third-party VTuber asset store and deployed a malicious blendshape modifier within a popular avatar file ( .vrm , .vsfavatar ). The attack bypassed standard runtime authentication by modifying the avatar’s expression mapping at the shader level, enabling real-time lip-sync spoofing and unauthorized gesture injection across streaming platforms (YouTube, Twitch, Bilibili). We present a forensic breakdown of the payload, its persistence mechanism, and a zero-trust framework for VTuber pipelines.