This malware uses trigonometry to prevent its detection and blocking

The idea that hackers are constantly evolving their tactics has been proven once again, after a new strain of malware users was discovered to be using trigonometry to avoid detection.

Cybersecurity researchers Outpost24 recently analyzed the latest version of Lumma Stealer, a known information-stealing malware capable of recovering passwords stored in popular browsers, cookies, credit card information and data related to cryptocurrency wallets. Lumma is offered as a service, with a subscription fee ranging from $250 to $1,000.

In their analysis, Outpost24 researchers found that the fourth version of Lumma comes with a number of new evasion techniques, allowing it to work alongside most antivirus or endpoint protection services. These techniques include control flow flattening obfuscation, human-mouse activity detection, XOR encrypted strings, support for dynamic configuration files, and enforcing the use of encryption on all versions.

Use mouse movement

Among these techniques, detecting human-mouse activity is the most interesting, because this is how the information thief can see if it is working in an antivirus sandbox. As the researchers explain, the malware tracks the position of the cursor and records a series of five distinct positions at 50 millisecond intervals. Then, using trigonometry, it analyzes these positions as Euclidean vectors, calculating the angles and vector quantities that form the detected motion.

Vector angles less than 45 degrees mean the mouse is being used by a human. If the angles are higher, the infostealer assumes it is running in a sandbox and stops all activity. It resumes operations once it determines that the mouse activity is human again.

The 45-degree threshold is arbitrary, the researchers added, suggesting it is likely based on research data.

Infostealers are a popular hacking tool because they allow bad actors to access important services, such as social media accounts or email accounts. Additionally, by stealing banking data or cryptocurrency wallet-related data, attackers can steal victims’ funds and crypto tokens.

Via BeepComputer

News Alert

COP28: Why the Climate Summit is important and what are the issues

Hamas says Israel rejected offer to extend ceasefire in exchange for 7 more women and children and bodies of 3 Israelis

Watch and stream online via HBO Max

Learn ASL: Best American Sign Language Course Bundle

Israel considers how to eliminate threat from Hamas fighters in Gaza

Did Joo-Wan kill Pyo Ye-Jin?

Microsoft’s Your Phone could soon let you use your phone as a webcam

Why no one wants to pay for the green transition

COP28: Why the Climate Summit is important and what are the issues

Hamas says Israel rejected offer to extend ceasefire in exchange for 7 more women and children and bodies of 3 Israelis

Watch and stream online via HBO Max

Learn ASL: Best American Sign Language Course Bundle

This malware uses trigonometry to prevent its detection and blocking

+ There are no comments

Cancel reply

What is Orca 2? Microsoft’s latest version could outperform smaller models and compete with larger models

OpenAI board could move closer to Sam Altman’s return

You May Also Like:

COP28: Why the Climate Summit is important and what are the issues

Hamas says Israel rejected offer to extend ceasefire in exchange for 7 more women and children and bodies of 3 Israelis

Watch and stream online via HBO Max

Learn ASL: Best American Sign Language Course Bundle

Israel considers how to eliminate threat from Hamas fighters in Gaza

Did Joo-Wan kill Pyo Ye-Jin?

Microsoft’s Your Phone could soon let you use your phone as a webcam

News Alert

Top Tagged

+ There are no comments

What is Orca 2? Microsoft’s latest version could outperform smaller models and compete with larger models

OpenAI board could move closer to Sam Altman’s return