Hackers Exploit Microsoft Teams to Deploy Sophisticated Matanbuchus Malware

There is no end to cybercriminals’ imagination in deploying malware and gaining access to company IT systems and data. One of the most recent examples discovered by the CyberFlow cybersecurity team is a Microsoft Teams phishing attack.

In this campaign, the attackers instruct company employees to download and execute an archive file. The archive contains Matanbuchus 3.0, one of the most dangerous and sophisticated malware-as-a-service packages in circulation.

A Targeted Attack Disguised as an IT Helpdesk Call

The attackers act with a clear purpose. Breach reports from around the world indicate that they target companies that rely on outsourced IT support, which makes it easier to persuade an employee that the caller is a genuine IT technician even though they do not appear in the victim’s contact list.

The cybercriminals exploit Microsoft Teams security vulnerabilities to reach the target company’s chat. They place an external call, claim to be the IT helpdesk, and tell the victim that they have identified a problem with their computer.

They typically win the employee’s trust quickly and convince them to launch Quick Assist, the remote support tool built into Microsoft Windows. The victim is then instructed to download and unpack a ZIP archive.

The archive contains three files that launch Matanbuchus 3.0.

How Dangerous Is Matanbuchus Malware?

Cybersecurity experts consider this malware “extremely sophisticated”. It has been around since 2021 and is offered on the dark web as a malware-as-a-service Windows loader.

It is particularly dangerous because it executes the malicious payload directly in memory, which helps it evade detection by antivirus and anti-malware tools. It can also run its payload through regsvr32, rundll32, msiexec, or process hollowing, which makes Matanbuchus 3.0 one of the most versatile types of malware.

Once installed, it collects various data, such as:

  • Username
  • Domain
  • OS build information
  • The elevation status of computer processes (admin or regular user).

These details show how dangerous the new Microsoft Teams phishing attack is.

How to Protect Your Business against the New Microsoft Teams Phishing Attack

For the IT-Flow business IT services team, this attack is particularly dangerous due to how quickly hackers gain their victims’ trust. In a matter of minutes, they persuade the employee:

  • That they have a problem with their computer, without any visible warning signs
  • To start a remote access session
  • To download and install a file on their computer.

Once installed on the system, the malware quietly executes commands, flying under the radar of all detection tools and effectively giving the attackers unlimited access to the computer and any IT systems it is connected to.

Protecting your business against this Microsoft Teams security breach requires ongoing employee training on cybersecurity matters. Employees must also follow strict protocols regarding:

  • Identifying genuine IT support staff
  • Giving anyone access to their device
  • Installing files from unknown sources.
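Training is the first line of defence, but the chain described above (a Quick Assist session followed by regsvr32, rundll32 or msiexec loading a file unpacked from a ZIP) also leaves a detectable trace in process-creation logs. The following added example, which is not code from the article or from CyberFlow, correlates constructed process events to flag that chain; the event field layout, folder list and 30-minute window are assumptions.

```python
from datetime import datetime, timedelta

# Execution methods named in the article, and folders where an unpacked ZIP would typically land.
LOLBINS = {"regsvr32.exe", "rundll32.exe", "msiexec.exe"}
USER_WRITABLE = ("\\downloads\\", "\\appdata\\local\\temp\\", "\\temp\\")

# Constructed sample process-creation events (not real telemetry):
# (timestamp, host, user, image, command_line)
SAMPLE_EVENTS = [
    ("2024-01-10T09:00:05", "ws01", "alice", "QuickAssist.exe", "QuickAssist.exe"),
    ("2024-01-10T09:03:40", "ws01", "alice", "explorer.exe",
     "explorer.exe C:\\Users\\alice\\Downloads\\support.zip"),
    ("2024-01-10T09:04:12", "ws01", "alice", "regsvr32.exe",
     "regsvr32.exe /s C:\\Users\\alice\\Downloads\\support\\helper.dll"),
    ("2024-01-10T10:30:00", "ws02", "bob", "msiexec.exe",
     "msiexec.exe /i C:\\Windows\\Installer\\abc.msi /qn"),
    ("2024-01-11T14:00:00", "ws03", "carol", "rundll32.exe",
     "rundll32.exe C:\\Users\\carol\\AppData\\Local\\Temp\\x.dll,Run"),
]

def parse(event):
    ts, host, user, image, cmd = event
    return {"ts": datetime.fromisoformat(ts), "host": host, "user": user,
            "image": image.lower(), "cmd": cmd}

def is_lolbin_from_user_path(ev):
    """A listed binary loading a file from a user-writable folder: worth a medium-severity alert on its own."""
    cmd = ev["cmd"].lower()
    return ev["image"] in LOLBINS and any(p in cmd for p in USER_WRITABLE)

def find_lolbin_alerts(events):
    """Every LOLBin launch from a user-writable path, in input order."""
    return [e["cmd"] for e in map(parse, events) if is_lolbin_from_user_path(e)]

def find_quick_assist_chains(events, window=timedelta(minutes=30)):
    """High severity: such a launch within `window` after Quick Assist started on the same host."""
    evs = sorted(map(parse, events), key=lambda e: e["ts"])
    qa_starts = [e for e in evs if e["image"] == "quickassist.exe"]
    hits = []
    for e in evs:
        if not is_lolbin_from_user_path(e):
            continue
        if any(qa["host"] == e["host"] and timedelta(0) <= e["ts"] - qa["ts"] <= window
               for qa in qa_starts):
            hits.append((e["host"], e["user"], e["cmd"]))
    return hits
```

In the sample data only ws01 shows the full chain; ws03 produces a lower-severity alert (rundll32 from Temp with no Quick Assist session), and the msiexec run on ws02 is ignored because it loads from the Windows installer cache.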

Let CyberFlow Protect Your IT Systems against All Types of Attacks!

The online world is increasingly dangerous for all businesses. Cybercriminals target large organisations and small businesses alike, making a profit out of any kind of data they can steal.

The new Microsoft Teams phishing attack demonstrates how vulnerable companies are when a clever hacker manages to win an employee’s trust. This is why trust must be closely regulated and given sparingly.

CyberFlow can help you implement zero-trust policies and install effective threat detection and prevention tools. Your data is valuable, and we are your first and best line of defence against hackers.

Contact us today to secure your IT network and systems!