Bitdefender warns that hackers for hire are specifically targeting 3ds Max
Friday, August 28, 2020 | Written by Jim Thacker
Autodesk's recommendation for the PhysXPluginMfx exploit, which cybersecurity firm Bitdefender believes was used for corporate espionage in the real estate industry. Autodesk has released tools to remove the malware.
Cybersecurity firm Bitdefender has released a report on a new script exploit in 3ds Max, stating that it appears to be the work of an international hacker-for-hire group.
Bitdefender described the exploit as an "elaborate APT-style cyber espionage attack," speculating that a real estate company may have used hackers to spy on competitors by targeting contractors that use 3ds Max.
Autodesk had already identified the PhysXPluginMfx exploit affecting 3ds Max 2015-2020 and updated its free security tools for 3ds Max software to address the vulnerability.
Download and run Autodesk's security tools to remove this and other malware
Vulnerabilities in 3ds Max – or any other software – are not uncommon: this year, Autodesk has released three security advisories rated "high" about exploits in 3ds Max and Maya.
In the case of PhysXPluginMfx, Autodesk published a notice regarding the MAXScript exploit on August 10th.
According to Autodesk, the malware "can damage (software) settings, execute malicious code and distribute them to other MAX files (*.max) on a Windows system when scene files containing (it) are loaded into 3ds Max".
The security tools for 3ds Max were updated at that time and have continued to be updated ever since. So, if you're a Max user, download them from the Autodesk App Store to help address these and other vulnerabilities.
How the PhysXPluginMfx exploit is used. Diagram from Bitdefender's white paper.
Bitdefender believes it is being used for industrial espionage in the real estate industry
What is interesting about the Bitdefender report is its claim that the exploit was used for industrial espionage in the real estate market, with a hacker-for-hire group targeting 3ds Max.
According to Bitdefender, it recently investigated an advanced persistent threat (APT)-style cyber espionage attack against an international architecture and video production company.
The target company is not named, but is known to have worked on billion-dollar real estate projects in New York, London, Australia and Oman.
Bitdefender researchers "found that threat actors have a complete set of tools with powerful spying capabilities" and used the previously unknown vulnerability in 3ds Max to "compromise the target."
The company notes that "the commercialization of APT-level hackers intended for rent could potentially lead luxury real estate investors to seek these services in order to spy on their competition by infiltrating their contractors."
Bitdefender said the command and control server used in the attack was located in South Korea and that other companies around the world will be similarly affected.
"Based on Bitdefender's telemetry, we also found other similar malware samples communicating with the same command and control server that have been available for almost a month.
"Based in South Korea, the US, Japan and South Africa, the cybercriminal has likely targeted select victims in those regions as well."
For more information on Bitdefender's investigations, please visit its website
Read the Autodesk Security Advisories on the PhysXPluginMfx exploit
Download Autodesk's free security tools for 3ds Max
(Compatible with 3ds Max 2015 SP1 to 3ds Max 2021)