Security researchers have noticed a new malicious spam campaign that delivers the 'Matanbuchus' malware to drop Cobalt Strike beacons on compromised machines. Cobalt Strike is a penetration testing suite that is frequently used by threat actors for lateral movement and to drop additional payloads. Matanbuchus is a malware-as-a-service (MaaS) project first spotted in February 2021 in advertisements on the dark web promoting it as a $2,500 loader that launches executables directly into system memory.