
An upgraded cybercrime tool is designed to make targeted ransomware attacks as easy and effective as possible, with features like EDR-spotting and DNS-based C2 communication.
July 16, 2025 By Nate Nelson
Cyberattackers are using active spear phishing and an upgraded malware-as-a-service (MaaS) loader to lubricate high-value ransomware infections.
"Matanbuchus" is a four-year-old luxury malware loader sold on a subscription basis on the Dark Web. Its latest 3.0 version has been rewritten from scratch, with a suite of new features "taking into account the wishes of even the most fastidious clients," according to its developer. Among other things, those features include new means of evading detection, establishing persistence, and identifying security tools on a target's system.
Ultimately, the job of Matanbuchus is to facilitate the downloading and execution of secondary payloads — by obtaining system information, helping to bypass security software, etc. Those secondary payloads tend to be ransomware.