PhysXPluginMfx Description

In a security advisory, Autodesk, the multinational software company whose tools are used in the architecture, construction, manufacturing, media, education, engineering and entertainment industries, warned about a malicious exploit called PhysXPluginMfx that affected its 3ds Max application. Autodesk rated the issue critical because of its potency and the widespread use of 3ds Max in every industry that requires the creation of 3D computer graphics.

PhysXPluginMfx took the shape of a plugin that abused functionality in MAXScript, the scripting language built into 3ds Max. According to the security advisory, if PhysXPluginMfx is loaded it can corrupt 3ds Max settings, execute malicious code, and propagate itself by infecting other MAX (.max) scene files on a Windows system.

The Exploit Was Abused by Hackers in a Targeted Campaign

Security researchers have identified a threatening campaign, carried out by an unidentified group of hackers, that employed the PhysXPluginMfx exploit. The goal was to drop an infostealer Trojan that scanned the compromised computer for commercial data and exfiltrated it, alongside any important documents, to Command-and-Control (C2) infrastructure located in South Korea. Because the targeted company is an international architectural and video production firm currently involved in billion-dollar luxury real-estate projects in four different countries, the researchers conjectured that the hacker group may have been hired by a competitor of the victim. If confirmed, this would make it the third active hacker-for-hire cybercriminal group identified since the start of 2020, after DeathStalker and Dark Basin.