Hackers Hijack Microsoft Teams to Spread Malware to Certain Firms: Find Out If You're at Risk

Security researchers are sounding the alarm about an ongoing campaign that uses Microsoft Teams calls to deploy a piece of malware called Matanbuchus 3.0. According to security firm Morphisec, an unidentified hacking group has been selecting its victims and then contacting them over Microsoft Teams while posing as an external IT team.

The hackers try to persuade the victim that there is a problem with their device and that remote access must be granted in order to fix it. Because the victims are carefully cherry-picked, the chance of success is higher, and the attackers are more likely to get what they want from them.


Once access is granted, usually through Quick Assist, the attackers execute a PowerShell script that deploys Matanbuchus 3.0, a malware loader that can lead to Cobalt Strike beacons or even ransomware. "Victims are carefully targeted and persuaded to execute a script that triggers the download of an archive," Morphisec CTO Michael Gorelik said. "This archive contains a renamed Notepad++ updater (GUP), a slightly modified configuration XML file, and a malicious side-loaded DLL representing the Matanbuchus loader."
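The renamed updater plus side-loaded DLL described above leaves a pattern that endpoint telemetry can catch. The following detection sketch is an added example, not code from Morphisec or the article; it assumes Sysmon-style process-create (ID 1) and image-load (ID 7) events, that the updater's version-info name is "gup.exe", and the default Notepad++ updater directories. The sample events and the file names in them are constructed.

```python
import ntpath

# Assumptions (not from the article): Sysmon-style field names, the updater's
# version-info name "gup.exe", and the default Notepad++ updater directories.
GUP_ORIGINAL_NAME = "gup.exe"
EXPECTED_DIRS = {r"c:\program files\notepad++\updater",
                 r"c:\program files (x86)\notepad++\updater"}

def renamed_gup(event):
    """True for a process-create event whose binary is GUP under another name or path."""
    if (event.get("EventID") != 1
            or event.get("OriginalFileName", "").lower() != GUP_ORIGINAL_NAME):
        return False
    image = event["Image"].lower()
    return (ntpath.basename(image) != GUP_ORIGINAL_NAME
            or ntpath.dirname(image) not in EXPECTED_DIRS)

def find_sideloads(events):
    """Return (process image, DLL) pairs: a relocated GUP loading an unsigned DLL beside it."""
    suspects = {}  # ProcessGuid -> image path of a renamed or relocated GUP
    hits = []
    for ev in events:
        if renamed_gup(ev):
            suspects[ev["ProcessGuid"]] = ev["Image"]
        elif ev.get("EventID") == 7 and ev.get("ProcessGuid") in suspects:
            image = suspects[ev["ProcessGuid"]]
            same_dir = (ntpath.dirname(ev["ImageLoaded"]).lower()
                        == ntpath.dirname(image).lower())
            if same_dir and ev.get("SignatureStatus") != "Valid":
                hits.append((image, ev["ImageLoaded"]))
    return hits

# Constructed sample events (not real telemetry; paths and DLL names are made up).
SAMPLE_EVENTS = [
    {"EventID": 1, "ProcessGuid": "A", "OriginalFileName": "gup.exe",
     "Image": r"C:\Program Files\Notepad++\updater\GUP.exe"},
    {"EventID": 7, "ProcessGuid": "A", "SignatureStatus": "Valid",
     "ImageLoaded": r"C:\Program Files\Notepad++\updater\sample.dll"},
    {"EventID": 1, "ProcessGuid": "B", "OriginalFileName": "gup.exe",
     "Image": r"C:\Users\alice\AppData\Local\Temp\example\helper.exe"},
    {"EventID": 7, "ProcessGuid": "B", "SignatureStatus": "Unavailable",
     "ImageLoaded": r"C:\Users\alice\AppData\Local\Temp\example\sample.dll"},
    {"EventID": 7, "ProcessGuid": "B", "SignatureStatus": "Valid",
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll"},
]

if __name__ == "__main__":
    for image, dll in find_sideloads(SAMPLE_EVENTS):
        print(f"possible side-load: {image} loaded {dll}")
```

Matching on the embedded original file name rather than the on-disk name is what lets the check survive the rename; the same-directory, not-validly-signed condition narrows the alert to the side-loading step.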

The malware was first spotted in 2021, when cybercriminals advertised it on Russian-speaking forums for $2,500. Since then, it has evolved to include new features, better communication, more stealth, CMD and PowerShell support, and more. It also appears to cost more now, with a monthly service price of $10,000 for the HTTPS version and $15,000 for the DNS version.

While the researchers did not identify the attackers, they did say that similar social engineering tactics were used in the past by a group called Black Basta to deploy ransomware. Black Basta was one of the most dangerous ransomware operations in existence, but has since slowly been phased out. In late February this year, a cybercriminal released chat logs that detailed the inner workings of the group.

It's essential for businesses and individuals alike to be aware of these types of threats and take necessary precautions to protect themselves. By understanding how hackers operate and being prepared, you can significantly reduce the risk of falling victim to malware attacks like Matanbuchus 3.0.
