New hacker-for-hire group targets companies’ proprietary information using a new malicious 3Ds Max plugin to infect their system. The security firm, Bitdefender, stated that the new hacker group was identified using a malware that is hidden within malicious 3Ds Max plugins to breach companies’ database.
Also Read: iPhone Spyware Found Secretly Used by One City in California For $15,000? Here’s Why It Is Alarming
Autodesk, a software giant, developed the 3D computer graphics application called “3D.” It is an application usually downloaded and used by architecture, gaming, software, and engineering companies.
Also Read: AT&T on Proposed 4G Speed Test: Testing 10% of Coverage Could Already Cost About $18M Annually
On Aug. 10, the security alert about the malicious plugin called “PhysXPluginMfx” was published by Autodesk, stating that abused a scripting utility called MAXScript, which ships with the 3Ds Max software.
The security report warned that the PhysXPluginMfx plugin would activate the malicious MAXScript operations when loaded inside 3Ds. This could run malicious code, propagate and infect other MAX files on Windows system, as well as corrupt 3Ds Max settings.
PhysXPluginMfx can also help the malware spread to other users that opened and received the files. However, the malicious plugin’s real goal was to deploy a backdoor trojan that cyber attackers could use to scout infected computers for sensitive files, as explained by Bitdefender after taking a closer look at the exploit.
Other security firms also reported the mercenary hackers’ attacks. The Romanian cybersecurity firm stated that it could identify the hacking group’s attacks against a video production and an international architectural company.
The companies have billion-dollar luxury real-estate developers across four continents, engaging in architectural projects. The investigation also revealed that the cyber attackers used a malware command and control (C&C) server located in South Korea.
“When looking at our own telemetry, we found other samples that communicated with the same C&C server,” said Liviu Arsene, the Senior E-Threat Analyst at Bitdefender.”Which means that the group was not limited to only developing samples for the victim that we investigated,” added Arsene.
The malicious malware samples also initiated connections to the C&C server from different countries such as United States, Japan, South Africa, and South Korea.
Also Read: FBI and CISA Warns About ‘Vishing’ and Now Rampant Because of Mass Shifting To WFH
By clicking on ‘Submit’ button above, you confirm that you accept Tech Times Terms & Conditions
World news – GB – [WARNING] Mercenary Hackers Steal Companies’ Proprietary Information