Threat Watch

Threat Actors Distribute Malicious 3Ds Max Plugin

In a report published by Bitdefender and first covered by ZDNet, Bitdefender researchers analyzed a malicious 3Ds Max plugin named “PhysXPluginMfx,” the subject of a recent alert that Autodesk sent to all of its 3Ds Max customers. The plugin abuses MAXScript, the scripting language built into 3Ds Max, to install a backdoor that the attackers could use to search infected computers for sensitive files. Bitdefender attributes the malware to a “mercenary” hacking group (a hackers-for-hire operation) but did not publish the evidence behind that conclusion. Investigation of the threat actor’s infrastructure turned up additional malware samples tying the group to campaigns in South Korea, the United States, Japan, and South Africa.

ANALYST NOTES

3Ds Max is a computer graphics application developed by Autodesk. Autodesk recently published an advisory about this plugin (https://www.autodesk.com/trust/security-advisories/adsk-sa-2020-0005) and has released a free plugin that detects and removes PhysXPluginMfx. Binary Defense also recommends 24/7 SOC monitoring, such as Binary Defense’s Security Operations Task Force, to detect malicious activity including backdoor access.
https://www.zdnet.com/article/mercenary-hacker-group-targets-companies-with-3ds-max-malware/
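Because the backdoor is delivered as MAXScript that 3Ds Max loads on its own, a useful triage step alongside Autodesk's removal plugin is to inventory every script the application would auto-run and compare it against a known-good baseline. The script below is an added example written for this note; it is not code from Bitdefender, Autodesk, or the ZDNet article, and it does not detect PhysXPluginMfx by signature. The startup directories it looks in are assumptions based on the usual 3Ds Max install layout (verify them against your own deployment), and the sample directory it builds for testing contains constructed, harmless files only.

```python
"""Inventory MAXScript files in 3Ds Max auto-run locations for analyst review.

Added example for triage; not Bitdefender's, Autodesk's, or Binary Defense's tooling.
It lists scripts that would be executed automatically, hashes them, and flags the
ones that cannot be reviewed (encrypted .mse) or that changed recently, so they can
be checked against a baseline or submitted for analysis.
"""
import hashlib
import os
import tempfile
import time
from pathlib import Path

# MAXScript source, encrypted script, macroscript, and zipped package extensions.
SCRIPT_EXTENSIONS = {".ms", ".mse", ".mcr", ".mzp"}


def default_startup_dirs():
    """Candidate auto-run directories. ASSUMED layout; adjust for your install."""
    dirs = []
    program_files = Path(os.environ.get("ProgramFiles", r"C:\Program Files"))
    autodesk = program_files / "Autodesk"
    if autodesk.is_dir():
        for install in autodesk.glob("3ds Max*"):
            dirs.append(install / "scripts" / "startup")
            dirs.append(install / "stdplugs" / "stdscripts")
    local = os.environ.get("LOCALAPPDATA")
    if local:
        # Per-user startup folder: <LOCALAPPDATA>\Autodesk\3dsMax\<version>\<lang>\scripts\startup
        dirs.extend((Path(local) / "Autodesk" / "3dsMax").glob("*/*/scripts/startup"))
    return dirs


def sha256_file(path):
    """SHA-256 of a file, read in chunks so large packages do not load into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def scan_startup_dirs(dirs, recent_days=30, now=None):
    """Return one record per MAXScript file found (recursively) under `dirs`."""
    now = time.time() if now is None else now
    records = []
    for d in dirs:
        d = Path(d)
        if not d.is_dir():
            continue
        for p in d.rglob("*"):
            if p.is_file() and p.suffix.lower() in SCRIPT_EXTENSIONS:
                st = p.stat()
                records.append({
                    "path": str(p),
                    "name": p.name,
                    "sha256": sha256_file(p),
                    "size": st.st_size,
                    "mtime": st.st_mtime,
                    # Encrypted scripts hide their logic from review, so they get flagged.
                    "encrypted": p.suffix.lower() == ".mse",
                    "recent": (now - st.st_mtime) < recent_days * 86400,
                })
    return records


def flagged(records, allowlist_hashes=frozenset()):
    """Scripts worth a closer look: not baselined, and either encrypted or recently changed."""
    return [r for r in records
            if r["sha256"] not in allowlist_hashes and (r["encrypted"] or r["recent"])]


def build_sample_dir():
    """Constructed sample tree for offline testing. The files are harmless stand-ins."""
    base = Path(tempfile.mkdtemp(prefix="maxscript_triage_"))
    baseline = base / "baseline.ms"
    baseline.write_text('print "baseline"\n')
    old = time.time() - 400 * 86400          # a year-old file, outside the recent window
    os.utime(baseline, (old, old))
    (base / "recent.ms").write_text('print "recent"\n')       # new plaintext script
    (base / "unreviewed.mse").write_bytes(b"\x00\x01opaque")  # encrypted stand-in
    return base


if __name__ == "__main__":
    for r in flagged(scan_startup_dirs(default_startup_dirs())):
        print(f"{r['path']}  sha256={r['sha256']}  size={r['size']}  "
              f"encrypted={r['encrypted']}  recent={r['recent']}")
```

Run it on a workstation after applying Autodesk's removal plugin and keep the hash list of the reviewed files as the allowlist for future runs; anything new, recently modified, or encrypted in an auto-run folder then stands out without relying on a name that the next campaign will simply change.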