Hackers Exploit Microsoft Teams to Distribute Enhanced Matanbuchus 3.0 Malware to Targeted Companies
July 16, 2025
Threat Intelligence / Vulnerability
Cybersecurity researchers have identified a new variant of the established malware loader Matanbuchus, which boasts enhanced stealth features to evade detection. Matanbuchus, a malware-as-a-service (MaaS) offering, serves as a launchpad for various next-stage payloads, including Cobalt Strike beacons and ransomware. Initially advertised in February 2021 on Russian-speaking cybercrime forums for a rental fee of $2,500, the malware has been utilized in ClickFix-like schemes to deceive users into visiting compromised yet legitimate sites. Over time, Matanbuchus’ delivery methods have evolved, incorporating phishing emails with malicious Google Drive links, drive-by downloads from compromised websites, harmful MSI installers, and malvertising. It has been instrumental in deploying numerous secondary payloads such as DanaBot, QakBot, and Cobalt Strike, all of which are precursors to ransomware attacks.
Threat Intelligence / Vulnerability
Hackers Exploit Microsoft Teams to Distribute Matanbuchus 3.0 Malware Targeting Businesses August 16, 2025 In a concerning development within the realm of cybersecurity, researchers have identified a new variant of the Matanbuchus malware loader, which has been refined to enhance its stealth and evade detection by security systems. Matanbuchus represents…
Hackers Exploit Microsoft Teams to Distribute Enhanced Matanbuchus 3.0 Malware to Targeted Companies
July 16, 2025
Threat Intelligence / Vulnerability
Cybersecurity researchers have identified a new variant of the established malware loader Matanbuchus, which boasts enhanced stealth features to evade detection. Matanbuchus, a malware-as-a-service (MaaS) offering, serves as a launchpad for various next-stage payloads, including Cobalt Strike beacons and ransomware. Initially advertised in February 2021 on Russian-speaking cybercrime forums for a rental fee of $2,500, the malware has been utilized in ClickFix-like schemes to deceive users into visiting compromised yet legitimate sites. Over time, Matanbuchus’ delivery methods have evolved, incorporating phishing emails with malicious Google Drive links, drive-by downloads from compromised websites, harmful MSI installers, and malvertising. It has been instrumental in deploying numerous secondary payloads such as DanaBot, QakBot, and Cobalt Strike, all of which are precursors to ransomware attacks.
