A new scam is making the rounds where attackers pretend to be IT support staff and actually call employees through Microsoft Teams. Their goal? To trick you into installing dangerous software called Matanbuchus that lets them spy on your computer and steal data.
Here’s how it works:
The scammer reaches out through Microsoft Teams. They may claim they're from your IT department and need to fix something on your computer. During the call, they ask you to open a remote support tool like Windows Quick Assist, or to follow a few simple steps in a script or download. Completing those steps gives the attacker a foothold on your computer without your knowledge. From this point, the attacker can install Matanbuchus or other malware.
Once that malware is in, it works quietly in the background. It can steal information, let hackers run harmful programs, or even help them break into your company’s network. Because the attack uses real tools (like Teams and Notepad++), and the malware hides in memory instead of on the hard drive, it can sneak past many basic security systems.
Why is this especially dangerous? Because many of us trust Microsoft Teams. It’s the app we use to chat with coworkers, join meetings, and sometimes get support from real IT teams. When a “support person” calls on Teams, we’re more likely to believe them. Attackers use this trust to their advantage, and because the Matanbuchus malware operates in memory and uses legitimate software to execute, it can evade many endpoint detection solutions.
So, what can you do?
Contact us if you’d like to learn more!
At InfoPathways, we’re helping our clients stay ahead of these evolving scams. That includes educating users, locking down settings in Microsoft Teams, and using tools that detect these kinds of threats.
If you have questions about keeping your business secure—or if you just want to make sure your Teams setup is safe—reach out to us. We’re happy to help.