3Ds Max malware ! APT group targets design industry

A case of espionage attack by a new hacker group that targets companies worldwide with malware hidden inside malicious 3Ds Max plugins.

3Ds Max is a 3D computer graphics application developed by Autodesk and is an app used by engineering, architecture, gaming, or software companies.

Autodesk has published an advisory this month warning users about a variant of “PhysXPluginMfx” MAXScript exploit that can corrupt 3ds Max’s settings, run malicious code, and propagate to other MAX files on a Windows system upon loading the infected files into the software.

The main aim of this plugin was to deploy a backdoor trojan that hackers could use to search infected computers for sensitive files and later steal important files.

Upon investigation, they able to confirm attacks against an international architectural and video production company, currently engaged in architectural projects with billion-dollar luxury real-estate developers across four continents.

It was revealed that hackers used a malware command and control (C&C) server that was located in South Korea.

These additional malware samples opened connections to the C&C server from countries such as South Korea, United States, Japan, and South Africa, suggesting that the hacker group might have also made other unconfirmed victims in these countries as well.

These connections dates back to at least one month, but it doesn’t indicate that the hacker group started operating one month ago, and hackers could have very easily used another server for older operations.

The security firm believes that this hacker group is another example of a sophisticated hacker-for-hire mercenary group that provides services like industrial espionage.

It is highly recommended that 3ds Max users should download the latest version of Security Tools for Autodesk 3ds Max 2021-2015SP1 to identify and remove the PhysXPluginMfx MAXScript malware

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s