Hackers Leverage Microsoft Teams to Spread Matanbuchus 3.0 Malware to Targeted Firms

Cybersecurity researchers have flagged a new variant of a known malware loader called Matanbuchus that packs in significant features to enhance its stealth and evade detection. Matanbuchus is the name given to a malware-as-a-service (MaaS) offering that can act as a conduit for next-stage payloads, including Cobalt Strike beacons and ransomware. First advertised in February 2021 on Russian-speaking cybercrime forums for a rental price of $2,500, the malware has been put to use as part of ClickFix-like lures to trick users visiting legitimate-but-compromised sites not running it. Matanbuchus stands out among loaders because it's not usually spread through spam emails or drive-by downloads. Instead, it's often deployed using hands-on social engineering, where attackers trick users directly. In some cases, it supports the kind of initial access used by brokers who sell entry to ransomware groups. This makes it more targeted and coordinated than typical commodity loaders. The latest version of the loader, tracked as Matanbuchus 3.0, incorporates several new features, including improved communication protocol techniques, in-memory capabilities, enhanced obfuscation methods, CMD and PowerShell reverse shell support, and the ability to run next-stage DLL, EXE, and shellcode payloads, per Morphisec. The cybersecurity company said it observed the malware in an incident earlier this month where an unnamed company was targeted via external Microsoft Teams calls that impersonated an…Read More