
Hackers Use Teams Calls To Hijack Systems
The dangerous malware loader Matanbuchus has evolved into version 3.0, which enables attackers to conduct stealthy operations, resulting in ransomware infections.
In a rush? Here are the quick facts:
- Matanbuchus 3.0 spreads via fake Microsoft Teams IT support calls.
- It collects system data and security software details.
- Commands are sent back from hackers through encrypted traffic.
Matanbuchus has existed as a Malware-as-a-Service (MaaS) since 2021, enabling cybercriminals to penetrate Windows systems before installing additional destructive malware.
The latest version has added powerful tools. “Matanbuchus 3.0 was introduced with significant updates to its arsenal,” researchers at Morphisec said. The updated version includes new delivery methods, enhanced communication protocols, memory-hiding capabilities, and security system evasion features. It even mimics apps like Skype to hide its activity.
Morphisec's report notes that one alarming case happened in July 2025. An attacker impersonated IT support through a fake Microsoft Teams call. The attacker tricked an employee into executing a script, which secretly deployed Matanbuchus.
Morphisec explains that the script unpacked a zip file with a renamed Notepad++ updater and a corrupted configuration file. This version tricked users using a nearly identical domain: instead of the real site ‘notepad-plus-plus.org’, attackers used ‘notepad-plus-plu[.]org’.
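A lookalike domain of this kind can be caught in proxy or DNS logs by comparing each requested host against the update domains an organisation trusts. The sketch below is an added example, not code from Morphisec or from this article; the allowlist contents, the log format, the distance threshold and all function names are assumptions.

```python
# Assumption: the organisation's allowlist of trusted update domains (this one is from the article).
TRUSTED = {"notepad-plus-plus.org"}

def registrable(host):
    """Undo '[.]' defanging, lowercase, keep the last two labels (ignores suffixes like co.uk)."""
    host = host.replace("[.]", ".").strip().lower().rstrip(".")
    return ".".join(host.split(".")[-2:])

def edit_distance(a, b):
    """Optimal string alignment distance: insert, delete, substitute, adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            val = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                val = min(val, prev2[j - 2] + 1)
            cur.append(val)
        prev2, prev = prev, cur
    return prev[-1]

def lookalike_of(host, max_dist=2):
    """Return the trusted domain that host imitates, or None if trusted or unrelated."""
    dom = registrable(host)
    near = (t for t in sorted(TRUSTED) if edit_distance(dom, t) <= max_dist)
    return None if dom in TRUSTED else next(near, None)

# Constructed proxy log lines (timestamp, client, host); the lookalike is defanged as in the article.
SAMPLE_LOG = """\
2025-07-01T10:02:11Z 10.0.0.5 notepad-plus-plus.org
2025-07-01T10:02:40Z 10.0.0.7 download.notepad-plus-plus.org
2025-07-01T10:03:05Z 10.0.0.9 notepad-plus-plu[.]org
2025-07-01T10:03:30Z 10.0.0.9 example.com
"""

def scan(log_text):
    """Return (client, registrable domain, imitated domain) for each lookalike request."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        imitated = lookalike_of(parts[2])
        if imitated:
            hits.append((parts[1], registrable(parts[2]), imitated))
    return hits

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

Subdomains of a trusted domain pass because only the last two labels are compared; a production check would use a public-suffix list instead of that shortcut.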
Once installed, the malware performs a system check to verify it operates on a genuine computer instead of a testing environment. The malware steals system data, including username information, security software details, and operating system specifications. The stolen data is sent to the attackers in encrypted form, and they use it to choose their next course of action, including malware or ransomware deployment.
The Matanbuchus 3.0 malware costs $10,000 for the HTTP version, while the DNS version requires a $15,000 investment, as reported by Morphisec. The codebase allows users to execute commands through CMD, PowerShell, and WQL, gather installed applications and updates, and perform deep system-level operations, including process injection.
With its advanced stealth and wide range of tools, experts at Morphisec warn Matanbuchus 3.0 is “a significant risk to compromised systems.” Cybersecurity teams are urged to stay alert for signs of this malware and educate staff about social engineering threats.