Researchers warn about an industrial espionage group targeting companies in the energy sector with AutoCAD-based malware.
Hackers leveraged AutoCAD's scripting feature
The company said that victims usually get infected because the ZIP files with AutoCAD (.cad) projects they receive also contain hidden Fast-Load AutoLISP (.fas) modules.
These .fas modules are the equivalent of scripting components for the AutoCAD design software, akin to what macros are for Word files. The difference is that FAS modules are written in the Lisp programming language, instead of Visual Basic or PowerShell, the preferred scripting languages used with macros.
Depending on the victim's AutoCAD installation settings, the AutoCAD app will automatically execute these .fas scripting modules either when the user opens the main .cad project or when the user opens any .cad project.
Recent versions of the AutoCAD software (versions released after 2014) show warnings when executing a .fas module, but just like with the macro warnings in Office apps, some users tend to plow through all the security alerts without thinking of the consequences, in order to open and view the main file's content as soon as possible.
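A pre-extraction check for the delivery method described above, as an added example that is not from the researchers or the original article: it lists AutoLISP modules inside a ZIP and notes whether each is marked hidden and sits next to a drawing. Treating `.lsp` and `.vlx` as script modules and `.dwg` as a drawing extension goes beyond the article, and the function names and sample archive are constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# .fas is the module type named in the article; .lsp and .vlx are the other
# AutoLISP loadable formats (an assumption added here, not from the article).
SCRIPT_EXTS = {".fas", ".lsp", ".vlx"}
# .cad as written in the article; .dwg is AutoCAD's native drawing format.
DRAWING_EXTS = {".cad", ".dwg"}
DOS_HIDDEN = 0x02  # "hidden" bit in the DOS attribute byte of a ZIP entry


def triage_zip(data: bytes) -> list[dict]:
    """Return one finding per AutoLISP module, reading only the ZIP directory."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        entries = [i for i in zf.infolist() if not i.is_dir()]
        drawing_dirs = {str(PurePosixPath(i.filename).parent) for i in entries
                        if PurePosixPath(i.filename).suffix.lower() in DRAWING_EXTS}
        for info in entries:
            path = PurePosixPath(info.filename)
            if path.suffix.lower() not in SCRIPT_EXTS:
                continue
            findings.append({
                "name": info.filename,
                # Hidden via DOS attribute or a Unix-style dot-file name.
                "hidden": bool(info.external_attr & DOS_HIDDEN)
                          or path.name.startswith("."),
                "beside_drawing": str(path.parent) in drawing_dirs,
            })
    return findings


def build_sample() -> bytes:
    """Constructed archive: a drawing, a hidden .fas beside it, a text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("project/plant_layout.cad", b"constructed placeholder drawing")
        hidden = zipfile.ZipInfo("project/support.fas")
        hidden.create_system = 0          # MS-DOS attribute semantics
        hidden.external_attr = DOS_HIDDEN
        zf.writestr(hidden, b"constructed placeholder module")
        zf.writestr("project/readme.txt", b"notes")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in triage_zip(build_sample()):
        print(finding)
```

A mail gateway or analyst script can quarantine any archive where `triage_zip` returns a finding, so the decision is made before a user ever reaches AutoCAD's warning dialog.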