There is malware that uses trigonometry to avoid detection

The world of hacking keeps getting more sophisticated, and here’s the latest proof: a new strain of malware using trigonometry to stay under the radar. Cybersecurity researchers from Outpost24 delved into the newest version of Lumma Stealer, a notorious infostealer malware with a subscription fee ranging from $250 to $1,000. This malware is capable of snatching passwords, cookies, credit card info, and data linked to cryptocurrency wallets.

In their analysis, Outpost24’s researchers unveiled Lumma’s fourth version, armed with fresh evasion tactics that let it dance around most antivirus or endpoint protection services. These tactics include control flow flattening obfuscation, human-mouse activity detection, XOR encrypted strings, support for dynamic configuration files, and a crypto-use mandate on all builds.

Now, here’s where it gets interesting – Lumma uses trigonometry to detect if it’s running in an antivirus sandbox. It tracks the cursor’s position, records five distinct positions at 50-millisecond intervals, and then, through trigonometric wizardry, analyzes these positions as Euclidean vectors, calculating angles and vector magnitudes. If the vector angles are below 45 degrees, it figures a human is at the mouse. If higher, it assumes a sandbox and freezes all activity until it senses human-like mouse movement again.
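The cursor check described above, reconstructed as an added example (not code from Lumma or from Outpost24's report) so that sandbox and detonation-environment operators can test whether their own synthetic mouse movement would trip this kind of heuristic. It assumes the angle is measured between consecutive cursor displacement vectors and that a cursor that does not move at all is treated as non-human; both are assumptions, since the report only gives the sample count, interval and 45-degree threshold.

```python
import math
from typing import List, Sequence, Tuple

Point = Tuple[float, float]
Vector = Tuple[float, float]

SAMPLE_COUNT = 5          # five cursor positions are recorded
INTERVAL_MS = 50          # spacing between samples (informational only here)
ANGLE_THRESHOLD_DEG = 45  # threshold reported in the analysis


def displacement_vectors(points: Sequence[Point]) -> List[Vector]:
    """Euclidean vectors between consecutive cursor samples."""
    return [(b[0] - a[0], b[1] - a[1]) for a, b in zip(points, points[1:])]


def angle_between_deg(u: Vector, v: Vector) -> float:
    """Angle in degrees between two vectors (0 = same direction, 180 = reversed)."""
    mu, mv = math.hypot(*u), math.hypot(*v)
    if mu == 0.0 or mv == 0.0:
        raise ValueError("zero-length displacement has no direction")
    cos_theta = (u[0] * v[0] + u[1] * v[1]) / (mu * mv)
    cos_theta = max(-1.0, min(1.0, cos_theta))  # guard against rounding drift
    return math.degrees(math.acos(cos_theta))


def turn_angles_deg(points: Sequence[Point]) -> List[float]:
    """Angles between each pair of consecutive displacement vectors."""
    vecs = displacement_vectors(points)
    return [angle_between_deg(a, b) for a, b in zip(vecs, vecs[1:])]


def looks_human(points: Sequence[Point]) -> bool:
    """True when every turn between samples is below the 45-degree threshold.

    Assumption: a cursor that stays still between samples is not human-like,
    since no direction (and thus no angle) can be computed for it.
    """
    if len(points) != SAMPLE_COUNT:
        raise ValueError(f"expected {SAMPLE_COUNT} samples, got {len(points)}")
    try:
        return all(a < ANGLE_THRESHOLD_DEG for a in turn_angles_deg(points))
    except ValueError:
        return False


# Constructed sample traces (not captured data).
HUMAN_TRACE: List[Point] = [(100, 100), (110, 103), (121, 107), (133, 112), (146, 118)]
SANDBOX_TRACE: List[Point] = [(100, 100), (300, 100), (100, 100), (300, 100), (100, 100)]
IDLE_TRACE: List[Point] = [(200, 200)] * SAMPLE_COUNT
```

Smooth, gently curving traces pass, while a cursor that jumps back and forth or never moves is classified as a sandbox; tuning a simulator so its traces pass this function is the defensive use of the reconstruction.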

The 45-degree threshold might seem random, but the researchers suspect it’s rooted in some research data. Infostealers like Lumma are a hacker’s go-to, offering access to crucial services like social media or email accounts.