• Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
MUST READ

200 Swedish municipalities impacted by a major cyberattack on IT provider

 | 

TransUnion discloses a data breach impacting over 4.4 million customers

 | 

NSA, NCSC, and allies detailed TTPs associated with Chinese APT actors targeting critical infrastructure Orgs

 | 

UNC6395 targets Salesloft in Drift OAuth token theft campaign

 | 

Over 28,000 Citrix instances remain exposed to critical RCE flaw CVE-2025-7775

 | 

U.S. CISA adds Citrix NetScaler flaw to its Known Exploited Vulnerabilities catalog

 | 

Healthcare Services Group discloses 2024 data breach that impacted 624,496 people

 | 

ESET warns of PromptLock, the first AI-driven ransomware

 | 

China linked UNC6384 targeted diplomats by hijacking web traffic

 | 

Farmers Insurance discloses a data breach impacting 1.1M customers

 | 

Citrix fixed three NetScaler flaws, one of them actively exploited in the wild

 | 

Auchan discloses data breach: data of hundreds of thousands of customers exposed

 | 

U.S. CISA adds Citrix Session Recording, and Git flaws to its Known Exploited Vulnerabilities catalog

 | 

Docker fixes critical Desktop flaw allowing container escapes

 | 

Malicious apps with +19M installs removed from Google Play because spreading Anatsa banking trojan and other malware

 | 

Pakistan-linked APT36 abuses Linux .desktop files to drop custom malware in new campaign

 | 

Android.Backdoor.916.origin malware targets Russian business executives

 | 

Electronics manufacturer Data I/O took offline operational systems following a ransomware attack

 | 

IoT under siege: The return of the Mirai-based Gayfemboy Botnet

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 59

 | 
  • Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
  • Home
  • Breaking News
  • Cyber Crime
  • Hacking
  • Hackers for hire group target organizations via 3ds Max exploit

Hackers for hire group target organizations via 3ds Max exploit

Pierluigi Paganini August 26, 2020

Experts discovered a new hacker hacker-for-hire group that is targeting organizations worldwide with malware hidden inside malicious 3Ds Max plugins.

Security researchers from Bitdefender discovered a new hacker group that is currently targeting companies across the world with malware hidden inside malicious 3Ds Max plugins.

Autodesk 3ds Max, formerly 3D Studio and 3D Studio Max, is a professional 3D computer graphics program for making 3D animations, models, games and images. It is developed and produced by Autodesk Media and Entertainment.[2] It has modeling capabilities and a flexible plugin architecture and must be used on the Microsoft Windows platform. I

3Ds Max is used by engineering, architecture, gaming, or software organizations.

In early August, Autodesk published a security alert warning about a malicious plugin named “PhysXPluginMfx,” it is a variant of the MAXScript exploit.

“A variant of a MAXScript exploit “PhysXPluginMfx” has been identified and a free plugin is now available in the Autodesk App Store to detect and remove the malicious code.” reads the security alert.

Upon loading the malicious plugin inside 3Ds Max, PhysXPluginMfx would execute malicious MAXScript operations to corrupt 3Ds Max settings, run malicious code, and even propagate to other MAX files.

According to Bitdefender, the plugin was designed to deploy a backdoor trojan that could be used to steal sensitive files from the infected systems.

Bitdefender researchers investigated at least one attack against an international architectural and video production company that has been collaborating in billion-dollar real estate projects in New York, London, Australia, and Oman.

“During the investigation, Bitdefender researchers found that threat actors had an entire toolset featuring powerful spying capabilities and made use of a previously unknown vulnerability in a popular software widely used in 3D computer graphics (Autodesk 3ds Max) to compromise the target.” reads the post published by BitDefender.

“Industrial espionage is nothing new, and, since the real estate industry is highly competitive, with contracts valued at billions of dollars, the stakes are high for winning contracts for luxury projects. This could justify turning to mercenary APT groups for gaining a negotiation advantage.”

The threat actor used a malware command and control (C&C) server that was located in South Korea.

“Looking through the telemetry of the C&C, we noticed that there are reports, which include some of the discovered .net assembly internal names found initially on the victims’ machine or downloaded from the C&C.” continues the report. “After analysis, we have managed to gather more tools, based on direct usage or based on common portions of code. Beside this, we have also noticed that all of them share the C&C address from the victim (address + port).”

Some of the samples analyzed by Bitdefender connected to the C&C server from countries South Korea, United States, Japan, and South Africa, a circumstance that suggests the hackers might have also targeted businesses in these countries.

The attackers also use malware to collect details about the compromised host and steal files with specific extensions.

According to the researchers, the attackers compile file-stealing component for each victim to include the list of files they want to steal.

To avoid detection, the malicious binary remains dormant if Task Manager or Performance Monitor were running.

The report includes a lot of technical details about the operation of the group. This year, security firm spotted other hacker-for-hire groups, including Dark Basin and DeathStalker.

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, 3ds Max)

[adrotate banner=”5″]

[adrotate banner=”13″]


facebook linkedin twitter

3ds Max Hacking hacking news information security news IT Information Security malware Pierluigi Paganini Security Affairs Security News

you might also like

Pierluigi Paganini August 28, 2025
200 Swedish municipalities impacted by a major cyberattack on IT provider
Read more
Pierluigi Paganini August 28, 2025
TransUnion discloses a data breach impacting over 4.4 million customers
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

    recent articles

    200 Swedish municipalities impacted by a major cyberattack on IT provider

    Security / August 28, 2025

    TransUnion discloses a data breach impacting over 4.4 million customers

    Data Breach / August 28, 2025

    NSA, NCSC, and allies detailed TTPs associated with Chinese APT actors targeting critical infrastructure Orgs

    Intelligence / August 28, 2025

    UNC6395 targets Salesloft in Drift OAuth token theft campaign

    Hacking / August 28, 2025

    Over 28,000 Citrix instances remain exposed to critical RCE flaw CVE-2025-7775

    Hacking / August 27, 2025

    To contact me write an email to:

    Pierluigi Paganini :
    pierluigi.paganini@securityaffairs.co

    LEARN MORE

    QUICK LINKS

    • Home
    • Cyber Crime
    • Cyber warfare
    • APT
    • Data Breach
    • Deep Web
    • Digital ID
    • Hacking
    • Hacktivism
    • Intelligence
    • Internet of Things
    • Laws and regulations
    • Malware
    • Mobile
    • Reports
    • Security
    • Social Networks
    • Terrorism
    • ICS-SCADA
    • POLICIES
    • Contact me

    Copyright@securityaffairs 2024

    We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
    Cookie SettingsAccept All
    Manage consent

    Privacy Overview

    This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities...
    Necessary
    Always Enabled
    Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
    Non-necessary
    Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
    SAVE & ACCEPT