What Is Matanbuchus 3.0?
Matanbuchus 3.0 is a dangerous malware loader. It belongs to a growing Malware-as-a-Service (MaaS) trend.
Cybercriminals use this loader to install more harmful tools like ransomware or data stealers. First seen in 2021, Matanbuchus was sold on underground forums. Now, version 3.0 has become more advanced and harder to detect.
This malware now supports reverse shells through CMD and PowerShell. It can also run various next-stage payloads such as DLLs, EXEs, and shellcode. These features make it highly versatile and stealthy.
How Hackers Deliver the Malware
Cyber attackers are getting creative. They recently used Microsoft Teams to carry out a new attack.
In one case, attackers posed as IT help desk staff. They contacted employees via external Teams calls. Then they tricked the employees into launching a support tool called Quick Assist.
Once the attackers gained access, they ran a PowerShell script. This script silently installed Matanbuchus 3.0. The fake support call helped the malware bypass normal defenses.
How the Malware Works
Once installed, Matanbuchus collects system details. It scans running processes and checks for antivirus tools.
If it has admin rights, it creates a scheduled task to stay active on the system. The malware then contacts its control server. It may receive more payloads to install.
To remain hidden, it uses COM object manipulation and shellcode injection. It also supports stealth techniques like in-memory operations and obfuscation.
Malware-as-a-Service: A Growing Threat
MaaS platforms like Matanbuchus are booming. Criminals offer these tools on the dark web for monthly fees.
Prices for Matanbuchus 3.0 range from $10,000 to $15,000, depending on the version. These services lower the skill bar needed for launching cyberattacks.
They also promote a criminal “affiliate” model. Hackers join as affiliates and use the tools provided to target victims for profit.
Why Matanbuchus 3.0 Is So Dangerous
This malware is not just a simple loader. It supports WQL queries, LOLBins, PowerShell stagers, and COM hijacking.
It can download new malware, run scripts, or hijack system processes. These features make detection and removal very difficult.
Researchers note that this loader fits a larger trend. Hackers now prefer stealth-first tools to avoid alerting security software.
Abuse of Business Apps on the Rise
Cybercriminals are exploiting collaboration tools more often. Microsoft Teams, Zoom, and others are being used in social engineering attacks.
These tools provide a trusted space. Attackers abuse this trust to trick users into running malicious files or giving remote access. Security teams now monitor how these apps can increase an organization’s attack surface. Matanbuchus is just one of many threats spreading this way.
How to Stay Protected
To prevent these types of attacks, companies must strengthen endpoint protection and educate staff on social engineering tricks.
Using behavioral monitoring and automated incident response tools can block stealthy malware like Matanbuchus before it spreads. Additionally, deploying AI-driven threat detection and access control systems helps identify suspicious activity from trusted tools like Teams.
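The delivery chain described above (a Quick Assist session, then a PowerShell script, then a scheduled task when the loader has admin rights) is the kind of sequence behavioral monitoring can correlate. The following is an added example, not code from this article or from any product; the event schema, the 30-minute window, and the sample events are constructed assumptions.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=30)  # assumed correlation window; tune per environment

# Constructed sample events (not real telemetry), in a simplified, hypothetical
# schema: (timestamp, host, kind, image path or task name).
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
QA = r"C:\Windows\System32\QuickAssist.exe"
EVENTS = [
    ("2025-01-10T09:00:05", "WS-01", "process", QA),
    ("2025-01-10T09:04:40", "WS-01", "process", PS),
    ("2025-01-10T09:05:10", "WS-01", "task_created", r"\ExampleTask"),
    ("2025-01-10T10:00:00", "WS-02", "process", QA),   # PowerShell hours later
    ("2025-01-10T13:30:00", "WS-02", "process", PS),
    ("2025-01-10T11:00:00", "WS-03", "process", PS),   # no Quick Assist session
    ("2025-01-10T11:00:30", "WS-03", "task_created", r"\ExampleTask"),
]


def correlate(events, window=WINDOW):
    """Return {host: severity} for hosts showing the chain from the article:
    Quick Assist start -> PowerShell -> (optionally) scheduled task creation."""
    alerts = {}
    state = {}  # host -> time of last Quick Assist start / flagged PowerShell
    for ts, host, kind, detail in sorted(events):  # ISO timestamps sort by time
        when = datetime.fromisoformat(ts)
        st = state.setdefault(host, {"qa": None, "ps": None})
        name = detail.rsplit("\\", 1)[-1].lower()
        if kind == "process" and name == "quickassist.exe":
            st["qa"] = when
        elif kind == "process" and name in ("powershell.exe", "pwsh.exe"):
            # PowerShell shortly after a remote-support session is the pivot
            if st["qa"] and when - st["qa"] <= window:
                st["ps"] = when
                alerts.setdefault(host, "medium")
        elif kind == "task_created":
            # Persistence right after the flagged PowerShell raises severity
            if st["ps"] and when - st["ps"] <= window:
                alerts[host] = "high"
    return alerts


if __name__ == "__main__":
    for host, severity in correlate(EVENTS).items():
        print(host, severity)
```

On real data, the process events would come from endpoint process-creation logs and the task events from scheduled-task creation auditing (Windows Security event 4698).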

