The Matanbuchus malware loader has evolved into a sophisticated threat, leveraging social engineering on Microsoft Teams to gain initial access. Its latest version features advanced evasion, obfuscation, and post-compromise capabilities, making detection and analysis more difficult. #Matanbuchus #MicrosoftTeams
Key points
- Matanbuchus has been promoted as malware-as-a-service on the dark web since 2021.
- Attackers abuse Microsoft Teams, impersonating an IT help desk, to deliver the malware payload.
- The latest version, Matanbuchus 3.0, uses Salsa20 encryption and MurmurHash3-based obfuscation.
- The malware now executes in memory and employs custom shellcode to evade security tools.
- Matanbuchus gathers system information and checks for installed security software to adapt its behaviour.
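As an added analysis aid (not code from the original write-up or from the malware), the example below implements the MurmurHash3 (x86, 32-bit) algorithm named above and uses it to resolve hashed strings back to readable names. It assumes the hashes obscure Windows API export names, a common loader pattern that the summary itself does not spell out; the candidate list and seed are constructed samples, and the real seed would have to be recovered from the sample under analysis.

```python
from typing import Dict, Iterable, Optional

MASK32 = 0xFFFFFFFF

def _rotl32(x: int, r: int) -> int:
    return ((x << r) | (x >> (32 - r))) & MASK32

def murmur3_32(data: bytes, seed: int = 0) -> int:
    """MurmurHash3_x86_32 of `data` with a 32-bit `seed` (reference algorithm)."""
    c1, c2 = 0xCC9E2D51, 0x1B873593
    h = seed & MASK32
    nblocks = len(data) // 4
    for i in range(nblocks):  # body: 4-byte little-endian blocks
        k = int.from_bytes(data[4 * i:4 * i + 4], "little")
        k = (_rotl32((k * c1) & MASK32, 15) * c2) & MASK32
        h ^= k
        h = (_rotl32(h, 13) * 5 + 0xE6546B64) & MASK32
    tail = data[nblocks * 4:]  # up to three trailing bytes
    k = 0
    for j in range(len(tail) - 1, -1, -1):
        k ^= tail[j] << (8 * j)
    if tail:
        h ^= (_rotl32((k * c1) & MASK32, 15) * c2) & MASK32
    h ^= len(data)  # finalisation mix
    h ^= h >> 16
    h = (h * 0x85EBCA6B) & MASK32
    h ^= h >> 13
    h = (h * 0xC2B2AE35) & MASK32
    h ^= h >> 16
    return h

def build_hash_table(names: Iterable[str], seed: int) -> Dict[int, str]:
    """Map MurmurHash3 values back to the candidate export names that produce them."""
    return {murmur3_32(name.encode("ascii"), seed): name for name in names}

def resolve_hashes(hashes: Iterable[int], table: Dict[int, str]) -> Dict[int, Optional[str]]:
    """Look up each observed hash; unresolved values map to None so gaps stay visible."""
    return {h: table.get(h) for h in hashes}

# Constructed sample data (not from any real sample): a short candidate list and a made-up
# seed. A real run takes the exports of the DLLs the loader uses and the seed recovered from it.
CANDIDATE_APIS = ["LoadLibraryA", "GetProcAddress", "VirtualAlloc", "CreateThread"]
SAMPLE_SEED = 0x5EED

if __name__ == "__main__":
    table = build_hash_table(CANDIDATE_APIS, SAMPLE_SEED)
    observed = [murmur3_32(b"VirtualAlloc", SAMPLE_SEED), 0x12345678]
    for value, name in resolve_hashes(observed, table).items():
        print(f"{value:08x} -> {name or 'unresolved'}")
```

Feeding the table the full export lists of the DLLs a loader imports turns a dump of opaque hash constants into API names, which is usually the fastest way to see what an in-memory stage is about to call.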