Bitdefender’s Cyber Threat Intelligence Lab has uncovered an espionage campaign by a new hacker group that targets companies worldwide with malware hidden inside malicious 3ds Max plugins.
3ds Max is a 3D computer graphics application developed by Autodesk and is used by engineering, architecture, gaming, and software companies.
Autodesk has published an advisory this month warning users about a variant of “PhysXPluginMfx” MAXScript exploit that can corrupt 3ds Max’s settings, run malicious code, and propagate to other MAX files on a Windows system upon loading the infected files into the software.
According to Bitdefender, the main purpose of this plugin was to deploy a backdoor trojan that the attackers could use to search infected computers for sensitive documents and then exfiltrate them.
Upon investigation, the cybersecurity firm was also able to confirm attacks against an international architectural and video production company, currently engaged in architectural projects with billion-dollar luxury real-estate developers across four continents.
The investigation revealed that the hackers used a malware command and control (C&C) server located in South Korea.
Bitdefender Senior E-Threat Analyst Liviu Arsene said that they found other samples communicating with the same C&C server, which indicates that the group was developing samples not only for the victim they investigated.
These additional malware samples opened connections to the C&C server from countries including South Korea, the United States, Japan, and South Africa, suggesting that the group may have claimed other, as yet unconfirmed, victims in those countries.
These connections date back to at least one month, but that does not mean the group began operating only a month ago; it could easily have used another server for earlier operations.
Although APT mercenary groups such as Dark Basin and Deceptikons (aka DeathStalker) have previously targeted the financial and legal sectors, this is the first time a threat actor has applied the same modus operandi to the real-estate industry.
The security firm believes that this hacker group is another example of a sophisticated hacker-for-hire mercenary group that provides services like industrial espionage.
It is highly recommended that 3ds Max users download the latest version of Security Tools for Autodesk 3ds Max 2021-2015SP1 to identify and remove the PhysXPluginMfx MAXScript malware.