Dataconomy
  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Whitepapers
    • AI Models Leaderboard
  • AI toolsNEW
  • Newsletter
  • + More
    • Glossary
    • Conversations
    • Events
    • About
      • Who we are
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
Subscribe
No Result
View All Result
  • AI
  • Tech
  • Cybersecurity
  • Finance
  • DeFi & Blockchain
  • Startups
  • Gaming
Dataconomy
  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Whitepapers
    • AI Models Leaderboard
  • AI toolsNEW
  • Newsletter
  • + More
    • Glossary
    • Conversations
    • Events
    • About
      • Who we are
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
Subscribe
No Result
View All Result
Dataconomy
No Result
View All Result

How a new malware attack turns Microsoft Teams against you

A new malware campaign uses live Microsoft Teams calls where attackers impersonate IT helpdesk staff to trick employees

byEmre Çıtak
July 18, 2025
in Research
Home Research
Share on FacebookShare on TwitterShare on LinkedInShare on WhatsAppShare on e-mail
Google Preferred Source

The Matanbuchus malware loader has been distributed via social engineering on Microsoft Teams calls, impersonating IT helpdesk personnel to execute its payloads directly in memory and evade detection.

First promoted on the dark web in early 2021, Matanbuchus operates as a malware-as-a-service offering, originally priced at $2,500. In June 2022, threat analyst Brad Duncan reported its involvement in delivering Cobalt Strike beacons during a significant malspam campaign. Researchers at Morphisec identified that the latest version of Matanbuchus features enhanced evasion, obfuscation, and post-compromise capabilities. Microsoft Teams has been used by attackers in numerous instances to breach organizations over the years through deceptive tactics that facilitate the initial malware delivery.

Typically, attackers infiltrate chats and trick users into downloading a malicious file that deploys the initial payload on the system. In 2023, a researcher developed a tool exploiting software bugs to permit malware delivery from external accounts. Last year, DarkGate malware operators similarly exploited Microsoft Teams, targeting users with lax ‘External Access’ settings. According to Morphisec, operators of Matanbuchus variant 3.0 have shown a clear preference for using Microsoft Teams for initial access.

Stay Ahead of the Curve!

Don't miss out on the latest insights, trends, and analysis in the world of data, technology, and startups. Subscribe to our newsletter and get exclusive content delivered straight to your inbox.

The attack begins with an external Microsoft Teams call, where the attacker poses as a legitimate IT helpdesk and convinces the target to utilize Quick Assist, a remote support tool integrated into Windows. This tool enables the attacker to gain interactive remote access and subsequently instructs the user to execute a PowerShell script. This script downloads and extracts a ZIP archive containing three files that facilitate the launch of Matanbuchus through DLL side-loading. Morphisec’s reports detail that Matanbuchus 3.0 brings numerous enhancements, including a switch in command-and-control (C2) communication and string obfuscation from RC4 to Salsa20.


DevOps platforms faced thousands of hours of downtime in 2024


The updated payloads are executed in memory and feature a new anti-sandbox verification routine to ensure operation only in specified locales. Instead of typical Windows API function calls, the malware uses syscalls via custom shellcode, bypassing conventional API wrappers and EDR hooks.

Actions that security tools regularly monitor are obscured further using the ‘MurmurHash3’ non-cryptographic hash function, complicating reverse engineering and static analysis. Regarding post-infection capabilities, Matanbuchus 3.0 can execute CMD commands, PowerShell, or EXE, DLL, MSI, and shellcode payloads.

The malware gathers details such as username, domain, OS build information, running EDR/AV processes, and the elevation status of its own process, whether it is executed as an admin or regular user. Morphisec’s analysis indicates that the malware inspects running processes to identify security applications present on the system and tailor its execution methods based on the security stack of the victim.

Researchers released a thorough technical analysis of Matanbuchus, describing its evolution into a sophisticated threat. They also provided indicators of compromise, including malware samples and the domains utilized by the malware.


Featured image credit

Tags: MalwareMicrosoft Teams

Related Posts

New dark matter theory proposes two particle types

New dark matter theory proposes two particle types

July 14, 2026
Google Dialogflow CX flaw let researchers create rogue agents

Google Dialogflow CX flaw let researchers create rogue agents

July 14, 2026
Penn State researchers build battery-free solar computing chip

Penn State researchers build battery-free solar computing chip

July 14, 2026
Anthropic research introduces GRAM for isolating dangerous AI knowledge

Anthropic research introduces GRAM for isolating dangerous AI knowledge

July 9, 2026
Global PC shipments fall 5% as AI-driven memory crisis hits supply chains

Global PC shipments fall 5% as AI-driven memory crisis hits supply chains

July 9, 2026
Only 6% of Singapore desk workers use AI daily, says Salesforce

Only 6% of Singapore desk workers use AI daily, says Salesforce

July 8, 2026

LATEST NEWS

OpenAI retires Atlas browser to focus on new ChatGPT superapp

Microsoft tests Copilot’s new PC insights feature in Windows 11

Xiaomi unveils SkyNomad N90 range-extender SUV

X algorithm update aims to make replies feel friendlier

Windows 11 Search Box gets less clutter and more control

Pixel 11 leak shows bold magenta and peach colors

BEST AI MODELS LEADERBOARD

See the best AI models, ranked by intelligence, benchmark results, speed and token price. Find the most suitable LLMs, Text-to-Image, Image Editing, Text-to-Speech, Text-to-Video and Image-to-Video  artificial intelligence model for your tasks and business.

LATEST TOOLS

Mootion

Legacy AI

Copyseeker

ProPhotos

Kuki AI

Create

RemodelAI

AItwitch

Vadoo AI

Greptile AI

Dataconomy

COPYRIGHT © DATACONOMY MEDIA GMBH, ALL RIGHTS RESERVED.

  • About
  • Imprint
  • Contact
  • Legal & Privacy

Follow Us

  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Whitepapers
    • AI Models Leaderboard
  • AI tools
  • Newsletter
  • + More
    • Glossary
    • Conversations
    • Events
    • About
      • Who we are
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
No Result
View All Result
Subscribe

This website uses cookies to improve your experience. You can choose to accept or reject them. Visit our Privacy Policy.