Hackers hijack Microsoft Teams to spread malware to certain firms – find out if you’re at risk

- Researchers from Morphisec spotted Matanbuchus 3.0 in the wild
- The malware serves as a loader for Cobalt Strike or ransomware
- The victims are approached via Teams and asked for remote access
Security researchers are warning about an ongoing campaign leveraging Microsoft Teams calls to deploy a piece of
Expensive malware-as-a-service
Once the access is granted, usually through Quick Assist, the attackers execute a PowerShell script that deploys Matanbuchus 3.0, a malware loader that can lead to Cobalt Strike beacons, or even ransomware.
“Victims are carefully targeted and persuaded to execute a script that triggers the download of an archive,” Morphisec CTO Michael Gorelik said. “This archive contains a renamed Notepad++ updater (GUP), a slightly modified configuration XML file, and a malicious side-loaded DLL representing the Matanbuchus loader.”
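The chain described above (remote access over Quick Assist, a PowerShell script, a renamed updater executable dropped alongside a side-loaded DLL) leaves three observable traces on the endpoint. The following is an added detection example, not code from Morphisec or the article: it runs simple heuristics over a constructed, Sysmon-like process-creation and image-load log flattened to key=value lines. The log lines, the file paths and the executable names `notepad_update.exe` and `helper.dll` are constructed for illustration; `gup.exe` is the real name of the Notepad++ updater and `quickassist.exe` is assumed here as the Quick Assist process name.

```python
"""Heuristic detection over constructed endpoint log lines (added example).

Assumptions, not from the article: events arrive as key=value lines with
fields event, image, parent and loaded (for image-load events). All paths
below are constructed sample data.
"""
import re
from typing import Dict, List, Tuple

SYSTEM_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\downloads\\", "\\public\\")
REMOTE_ASSIST_PARENTS = {"quickassist.exe"}          # assumed process name
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe"}

KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_event(line: str) -> Dict[str, str]:
    """Parse one key=value line; quoted values keep their spaces. Lower-cased for matching."""
    return {k: v.strip('"').lower() for k, v in KV_RE.findall(line)}


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1]


def dirname(path: str) -> str:
    return path.rsplit("\\", 1)[0] + "\\" if "\\" in path else ""


def in_user_writable(path: str) -> bool:
    return any(marker in path for marker in USER_WRITABLE)


def flag_event(ev: Dict[str, str]) -> List[str]:
    """Return the list of reasons this event is suspicious (empty if none)."""
    reasons: List[str] = []
    image = ev.get("image", "")
    if ev.get("event") == "processcreate":
        parent = basename(ev.get("parent", ""))
        # Trace 1: a script host started by the remote-assistance tool the victim let in.
        if basename(image) in SCRIPT_HOSTS and parent in REMOTE_ASSIST_PARENTS:
            reasons.append("script host spawned by remote-assistance tool")
        # Trace 2: the dropped archive is unpacked and run from a user-writable directory.
        if in_user_writable(image):
            reasons.append("executable launched from user-writable directory")
    elif ev.get("event") == "imageload":
        dll = ev.get("loaded", "")
        # Trace 3: DLL side-loading indicator, a DLL resolved from the executable's own
        # directory when that directory is neither a system nor a program directory.
        if (dirname(dll) == dirname(image)
                and not any(image.startswith(d) for d in SYSTEM_DIRS)
                and in_user_writable(image)):
            reasons.append("dll loaded from executable's own non-system directory")
    return reasons


def scan(lines: List[str]) -> List[Tuple[str, List[str]]]:
    """Run flag_event over every line and collect (image, reasons) for the hits."""
    hits = []
    for line in lines:
        ev = parse_event(line)
        reasons = flag_event(ev)
        if reasons:
            hits.append((ev.get("image", ""), reasons))
    return hits


# Constructed sample log: three suspicious events followed by two benign ones.
SAMPLE_LOG = [
    r'event=ProcessCreate image="C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" parent="C:\Windows\System32\quickassist.exe"',
    r'event=ProcessCreate image="C:\Users\alice\AppData\Local\Temp\update\notepad_update.exe" parent="C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"',
    r'event=ImageLoad image="C:\Users\alice\AppData\Local\Temp\update\notepad_update.exe" loaded="C:\Users\alice\AppData\Local\Temp\update\helper.dll"',
    r'event=ProcessCreate image="C:\Program Files\Notepad++\updater\gup.exe" parent="C:\Program Files\Notepad++\notepad++.exe"',
    r'event=ImageLoad image="C:\Program Files\Notepad++\updater\gup.exe" loaded="C:\Windows\System32\kernel32.dll"',
]

if __name__ == "__main__":
    for image, reasons in scan(SAMPLE_LOG):
        print(image, "->", "; ".join(reasons))
```

The legitimate Notepad++ updater in the last two lines is not flagged: it runs from Program Files and loads its DLLs from system directories. Each heuristic alone is noisy on real fleets (software installers also run from Temp), so in practice the three traces are correlated in time and by process tree rather than alerted on individually.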
The malware was first spotted in 2021, The Hacker News reports, when cybercriminals advertised it on Russian-speaking forums for $2,500. Since then, it has evolved to include new features, improved command-and-control communication, more stealth, CMD and PowerShell support, and more. It also apparently costs more, now carrying a monthly service price of $10,000 for the HTTPS version and $15,000 for the DNS version.
While the researchers do not identify the attackers, they did say that similar social engineering tactics were used in the past by a group called Black Basta to deploy ransomware.
Black Basta was once one of the most dangerous ransomware operations in existence, but has since slowly faded from view. In late February this year, a cybercriminal released chat logs that detailed the inner workings of the group.
Via The Hacker News