Malware written to steal design files made by architects and engineers indicates there’s likely been an industrial cyber-espionage effort underway, according to ESET, which discovered malware that steals AutoCAD-based files earlier this year.
ESET malware researcher Pierre-Marc Bureau says the firm captured samples that show the malware, written in the LISP programming language, is “designed to steal sensitive information, such as blueprints” made using AutoCAD software from AutoDesk. Although Peru is where ESET has initially seen this design-stealing malware turn up the most, it’s a global phenomenon, Bureau says. Analysis indicates the malware is sending stolen AutoCAD files to China.
Although ESET captured samples of the computer-aided design-malware back in February, a spike in activity observed around the malware compelled the firm to go back to do more analysis on it. It was learned that the malware was stealing files and mailing them off to what appeared to be a service provider in China. Bureau says ESET contacted the Chinese service provider, Tencent, to shut down the malware’s point of delivery for stolen files, and shared information it gathered with AutoDesk. Anti-virus products that identify the malware would also protect against infections.
Infections are occurring through compromised AutoCAD files, Bureau says. “If you’re exchanging documents with another company, you could get infected.” He says this appears to be a targeted espionage case, perhaps where someone wants to know about what a competitor is doing in a bidding situation, but the malware does seem to be spreading.