Cybersecurity Alert: Hackers Exploit Microsoft Teams to Distribute Matanbuchus 3.0 Malware to Targeted Companies

Cybersecurity researchers have flagged an updated variant of a notorious malware loader known as Matanbuchus, which boasts advanced features to enhance its stealth and evade detection. Matanbuchus functions as a malware-as-a-service (MaaS) tool, primarily used to deliver subsequent payloads like Cobalt Strike beacons and ransomware.

Initially advertised on Russian-speaking cybercrime forums in February 2021 for $2,500, Matanbuchus has been used in campaigns that deceive users into visiting legitimate but compromised websites. Unlike typical loaders, which often spread through spam emails, Matanbuchus relies on hands-on social engineering. Attackers engage directly with their targets, which makes delivery more selective and synchronized than usual malware distribution.

The latest release, Matanbuchus 3.0, comes equipped with numerous upgrades, such as more refined communication protocols, in-memory execution capabilities, better obfuscation techniques, as well as support for CMD and PowerShell reverse shells. It also has the ability to execute a range of subsequent payloads, including DLLs and EXE files, as noted by the cybersecurity firm Morphisec.

In a recent incident, this malware variant was used against a company that received fraudulent Microsoft Teams calls impersonating IT support. Employees were manipulated into launching Quick Assist for remote access, after which a PowerShell script was executed to deploy Matanbuchus.

Morphisec’s CTO, Michael Gorelik, emphasized that victims are often carefully targeted and lured into executing a script that ultimately triggers the malware download. The package includes a disguised Notepad++ updater, a modified configuration XML file, and a malicious DLL functioning as the Matanbuchus loader.
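
For defenders, the chain described above (a Quick Assist session, then a shell, then a Notepad++ updater running from an unexpected location) can be correlated from process-creation telemetry. The following Python is an added example, not code from Morphisec or the original article; the event tuples are constructed, and the 30-minute window, the updater's original file name `gup.exe` and the trusted install directories are assumptions.

```python
from datetime import datetime, timedelta
from ntpath import basename, dirname

WINDOW = timedelta(minutes=30)      # assumed correlation window; tune per environment
SHELLS = {"powershell.exe", "pwsh.exe", "cmd.exe"}
UPDATER_ORIGINAL_NAME = "gup.exe"   # assumed PE OriginalFileName of the Notepad++ updater
TRUSTED_DIRS = {                    # assumed default Notepad++ updater locations
    r"c:\program files\notepad++\updater",
    r"c:\program files (x86)\notepad++\updater",
}

# Constructed process-creation events: (time, host, image path, PE original file name)
EVENTS = [
    ("2025-07-01T09:00:05", "WS-014", r"C:\Windows\System32\QuickAssist.exe", "quickassist.exe"),
    ("2025-07-01T09:06:40", "WS-014", r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", "powershell.exe"),
    ("2025-07-01T09:07:12", "WS-014", r"C:\Users\jdoe\AppData\Roaming\upd\updater.exe", "gup.exe"),
    ("2025-07-01T10:15:00", "WS-022", r"C:\Program Files\Notepad++\updater\GUP.exe", "gup.exe"),
    ("2025-07-01T11:00:00", "WS-031", r"C:\Windows\System32\QuickAssist.exe", "quickassist.exe"),
    ("2025-07-01T13:30:00", "WS-031", r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", "powershell.exe"),
    ("2025-07-01T14:00:00", "WS-040", r"C:\Users\Public\GUP.exe", "gup.exe"),
]

def find_chains(events, window=WINDOW):
    """Flag updater copies run outside trusted directories; raise severity when
    they follow a Quick Assist session and a shell launch on the same host."""
    state, alerts = {}, []
    for ts, host, image, original in sorted(events):
        when = datetime.fromisoformat(ts)
        name, folder = basename(image).lower(), dirname(image).lower()
        s = state.setdefault(host, {"qa": None, "shell": None})
        if name == "quickassist.exe":
            s["qa"], s["shell"] = when, None
        elif name in SHELLS and s["qa"] and when - s["qa"] <= window:
            s["shell"] = when
        elif original.lower() == UPDATER_ORIGINAL_NAME and folder not in TRUSTED_DIRS:
            chained = s["shell"] is not None and when - s["shell"] <= window
            alerts.append({"host": host, "image": image,
                           "severity": "high" if chained else "medium"})
    return alerts

if __name__ == "__main__":
    for alert in find_chains(EVENTS):
        print(alert)
```

Matching on the PE original file name rather than the on-disk name keeps the check working when the updater has been renamed; the legitimately installed copy on WS-022 and the unrelated, hours-apart activity on WS-031 produce no alert.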

The updated version is being marketed for $10,000 per month for the HTTPS variant and $15,000 for DNS. Once activated, Matanbuchus collects system details, scans running processes to identify security tools, and checks for administrative privileges before communicating with a command-and-control server to receive additional payloads.

The developers of Matanbuchus have incorporated sophisticated techniques for scheduling tasks and processing commands, keeping its operations stealthy while manipulating system services for persistence.

Matanbuchus 3.0 is part of a growing trend in malware and represents a tangible threat, underscoring the need for stronger security measures against evolving threats in enterprise collaboration tools like Microsoft Teams and Zoom. Threat researchers assert that these loaders should be mapped as part of comprehensive attack surface management strategies.

