
PhysXPluginMfx

Posted: August 27, 2020

High-profile cybercriminals often go after very specific targets by exploiting the software and services those targets use regularly. This is the case with the threatening PhysXPluginMfx, a plug-in for the popular 3D editing software 3ds Max. The corrupted add-on has been active all over the world, and its victims are often companies involved in some sort of 3D design: the gaming, engineering, and architecture sectors are the likely targets of the gang behind PhysXPluginMfx.

A Harmful 'PhysXPluginMfx' Plugin Targets Companies in the Engineering, Architectural and Gaming Sectors

Because the targets of the PhysXPluginMfx operation are so carefully selected, this is a very small-scale campaign, which makes it difficult to track the propagation methods and the vulnerabilities that the cybercriminals are likely to exploit. However, it has been confirmed that the goal of the fake PhysXPluginMfx plug-in is to abuse the 'MAXScript' utility to execute a piece of code that drops an unidentified backdoor Trojan. This threat may then be used for illicit access to copyrighted material and projects, industrial espionage, and data theft. There are reasons to believe that the criminals behind the unsafe add-on may be a 'hacker-for-hire' group that rents out its services and tools to third parties.

The backdoor Trojan that the PhysXPluginMfx add-on deploys tries to connect to a Command and Control server with a South Korean IP address, but this is not enough information to determine the geographic origin of the attack. One thing is certain: companies working with 3ds Max should be careful with the add-ons they download and install. Such content should be fetched from trustworthy and verified sources, because it seems that hacker attacks against specific types of software have become a common trend in the past few years.
