Cybercriminals are now abusing Microsoft Teams and Quick Assist to install malware directly onto corporate systems with no suspicious links or sketchy downloads.
The malware in question, Matanbuchus 3.0, is a stealthy, fileless loader that can quietly establish long-term access, deliver additional payloads, and persist inside your network without triggering common antivirus tools. This marks a dangerous shift in how adversaries are weaponizing trusted collaboration platforms.
Any organization using Microsoft Teams for internal communications, including cleared defense contractors, is a potential target. These attacks rely on social engineering, not technical vulnerabilities, meaning every user is a potential entry point.
If your organization allows:
…then you may already be in scope for this threat.
Matanbuchus is a malware-as-a-service platform capable of reverse shells, evading antivirus, and downloading additional payloads on command, all while flying under most radar.
ISI is monitoring abuse of collaboration tools like Teams, Zoom, and Quick Assist. We’ll continue to provide threat insights and mitigation steps as new vectors emerge. If you’ve received a suspicious call, we can help:
These attackers are exploiting trust, not technology. Just because a request comes through a legitimate platform doesn’t mean that it’s safe. Stay vigilant, report early, and never grant remote access unless you’re absolutely sure of who’s on the other end.
Stay secure,
The ISI Cybersecurity Team