Project Manager by K-Studio is a great plugin for organizing your local library. But have you ever thought that by downloading the free version from Torrent or Chinese sites, you can become a victim of cybercriminals?
Locker is a typical ransomware virus that encrypts files and paralyzes your work.
Hackers from China have bypassed the license protection, added the Locker virus and are distributing the free version of Project Manager on various resources on the network.
By installing such a modified plugin, all recently opened 3Ds Max scenes and models (* .max) will be encrypted and you will not be able to open
them via File → Open, File → Merge or by double click. You can open files only through the fake Project Manager, for which you have to pay!
Later it turned out that the files are encrypted and can only be opened through the Project Manager downloaded from one Chinese resource.
Analysis of the encrypted file showed that it contains Persistent Global variables, which indicates the possible presence of a script virus.
The size of the encrypted * .max file is several megabytes larger.
When trying to open an encrypted file using any of the standard methods, we we see the error:
The malicious code was sent for study by our friends from ESET.
Therefore, the full report will only be available after analyzing the code.
At the moment, the developer of the Project Manager, Oleksandr Kramer, was notified of this incident and is actively helping in solving this problem.
Attention!To avoid getting infected, follow the instructions below.
If you do not want your work to be paralyzed, do not install Project Manager from unknown sources or Torrent!
Install only licensed software from the official K-Studio website: https: / /3d-kstudio.com/
But nevertheless, there are a number of characteristics by which you can determine or you have downloaded a malicious Project Manager installation file.
The file name contains Chinese characters.
If you rename the installation file and specify the file extension instead of * .mzp to * .zip, you can open it with the archiver and see the list of files.
If you already have Project Manager installed and you are infected, then * .max files will not be opened via File → Open.
Important! Download Project Manager only from the official site.
For those who have been infected, unfortunately, there is still no solution to eliminate the consequences. But we are actively working on this with ESET and the developers from K-Studio.
This article will be updated as various information becomes available. Stay tuned!