Autodesk identifies MAXScript exploit “PhysXPluginMfx” in 3ds Max
Autodesk has identified and warned users of a MAXScript exploit in 3ds Max. “PhysXPluginMfx” is a variant of ALC2, ALC, CRP and ADLS that can corrupt 3ds Max software’s settings, run malicious code, and propagate to other MAX files if scene files containing the script are loaded into 3ds Max. A fix is already available and users are urged to install and run the free plugin available from the Autodesk App Store to detect and remove the malicious code.
Security Experts BitDefender also recently published a whitepaper about this exploit, suggesting that it was a “cyberespionage attack targeting an international architectural and video production company, pointing to an advanced threat actor and South Korean-based C&C infrastructure.”
“During the investigation, Bitdefender researchers found that threat actors had an entire toolset featuring powerful spying capabilities and made use of a previously unknown vulnerability in a popular software widely used in 3D computer graphics (Autodesk 3ds Max) to compromise the target.”
For more detailed information about their investigation, pleased visit the Bitdefender website.