Prevent undetectable malware and 0-day exploits with AppGuard!

Stop Playing the Crazy Game: It's Time for Isolation and Containment

In a chilling new development, Matanbuchus 3.0, a sophisticated malware-as-a-service loader, is now exploiting Microsoft Teams and Quick Assist to infiltrate organizations.

Researchers recently uncovered an incident where attackers posed as an IT help desk via a Teams call, then persuaded employees to launch Quick Assist. Once remote access was granted, a PowerShell script quietly deployed the malware on the victim’s machine, as reported by The Hacker News.

This new variant packs serious firepower: in-memory execution, advanced obfuscation, enhanced communication protocols, support for CMD and PowerShell reverse shells, and the ability to execute DLLs, EXEs, shellcode, or MSI installers. Since its debut on Russian cybercrime forums in 2021, originally rented for roughly $2,500, it’s now advertised at up to $15,000 per month.

Once active, Matanbuchus 3.0 quietly gathers information about the system, checks for security tools, sends data back to a command-and-control server, and establishes persistence, often via scheduled tasks, using advanced COM techniques and shellcode injection. This stealthy, living-off-the-land approach lets it slip past traditional defense tools and evade detection.
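The chain above (help-desk call, Quick Assist session, PowerShell, scheduled-task persistence) is also something a defender can look for in process-creation telemetry. The following is an added illustration, not code from the article or from AppGuard: it walks each process's ancestry and flags shells and persistence or LOLBin binaries that run underneath a remote-assistance session. The process name QuickAssist.exe and the sample events are assumptions constructed for the example.

```python
"""Flag process-creation events that complete the Quick Assist -> shell -> persistence chain.
Sample events below are constructed for illustration, not real telemetry."""
from dataclasses import dataclass

# Assumption (not stated in the article): Quick Assist's host process is QuickAssist.exe.
REMOTE_ASSIST = {"quickassist.exe"}
SHELLS = {"powershell.exe", "pwsh.exe", "cmd.exe"}
# schtasks.exe covers the scheduled-task persistence; the other two are LOLBins named above.
PERSIST_OR_LOLBIN = {"schtasks.exe", "regsvr32.exe", "rundll32.exe"}

@dataclass(frozen=True)
class ProcEvent:
    host: str
    pid: int
    parent_pid: int
    image: str      # executable file name of the new process
    cmdline: str

def ancestors(ev, index):
    """Yield the parent chain of ev, nearest first; stops on missing or cyclic (pid-reuse) links."""
    seen = set()
    cur = index.get((ev.host, ev.parent_pid))
    while cur is not None and cur not in seen:
        seen.add(cur)
        yield cur
        cur = index.get((cur.host, cur.parent_pid))

def scan(events):
    """Return (host, pid, label) for every event whose ancestry includes a remote-assist tool."""
    index = {(e.host, e.pid): e for e in events}
    hits = []
    for ev in events:
        image = ev.image.lower()
        chain = {a.image.lower() for a in ancestors(ev, index)}
        if not chain & REMOTE_ASSIST:
            continue
        if image in SHELLS:
            hits.append((ev.host, ev.pid, "shell under remote-assistance session"))
        elif image in PERSIST_OR_LOLBIN:
            hits.append((ev.host, ev.pid, f"{image} under remote-assistance session"))
    return hits

# Constructed sample: hostA shows the full chain; hostB is an ordinary admin PowerShell session.
SAMPLE = [
    ProcEvent("hostA", 100, 1, "explorer.exe", "explorer.exe"),
    ProcEvent("hostA", 200, 100, "QuickAssist.exe", "QuickAssist.exe"),
    ProcEvent("hostA", 300, 200, "powershell.exe", "powershell.exe -File setup.ps1"),
    ProcEvent("hostA", 400, 300, "schtasks.exe", "schtasks.exe /create /tn Updater"),
    ProcEvent("hostB", 100, 1, "explorer.exe", "explorer.exe"),
    ProcEvent("hostB", 500, 100, "powershell.exe", "powershell.exe Get-Service"),
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(*hit)
```

Only the two events on hostA are reported; the benign PowerShell on hostB has no remote-assistance ancestor and is ignored.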

Why Detect-and-Respond Won’t Cut It Anymore

Traditional endpoint protection models focus on detection and response. In essence, you wait until something goes wrong, then you scramble to fix it. But with stealth-first, in-memory malware like Matanbuchus 3.0, that “wait until you find it” model is too slow, and by then it may already be too late. By the time the malware reveals itself, the damage is done.

It’s time to stop playing the crazy game of chasing threats after they land. Instead, we must shift to a model built around isolation and containment—preventing threats from ever taking hold in the first place.

Enter AppGuard: A Proven, Isolation-First Endpoint Protection

AppGuard brings over a decade of battle-tested protection, now available for widespread commercial use. Rather than waiting for malware to behave maliciously, AppGuard isolates unknown or untrusted code entirely, making it impossible for stealthy loaders like Matanbuchus to execute or persist.

Why AppGuard works where others fail:

  • It isolates untrusted binaries and scripts, preventing execution entirely.

  • It blocks living-off-the-land techniques by restricting behavior of binaries like regsvr32, rundll32, PowerShell, and others commonly abused by malware.

  • It doesn’t rely on signatures or detection; it proactively contains threats, effectively stopping them at the door.

With a decade of successful deployments in high-risk environments, AppGuard has proven it can stop threats that evade other tools. It’s the kind of forward-thinking, prevention-first strategy we need: getting ahead of threats rather than chasing them.

Business Owners: It’s Time to Act

Don’t let your organization be the next headline. Stop playing the crazy game of detect-and-respond.

Move to “Isolation and Containment” with AppGuard.

Talk with us at CHIPS. We’ll show you how AppGuard protects against stealthy threats like Matanbuchus 3.0, eliminates living-off-the-land exploitation, and keeps your endpoints securely contained. Let’s make your security strategy smarter, simpler, and far more resilient.
