Subj : This malware uses trigonometry to stop it from being detected and
To   : All
From : TechnologyDaily
Date : Tue Nov 21 2023 19:15:05

This malware uses trigonometry to stop it from being detected and blocked

Date: Tue, 21 Nov 2023 19:02:46 +0000

Description: Hackers have found an ingenious way to spot an antivirus sandbox and prevent an infostealer from being spotted.

FULL STORY
======================================================================

The notion that hackers are constantly evolving their tactics has once again been proven, after a new strain of malware was found to be using trigonometry to avoid detection.

Cybersecurity researchers at Outpost24 recently analyzed the latest version of Lumma Stealer, a known infostealer malware capable of grabbing passwords stored in popular browsers, cookies, credit card information, and data related to cryptocurrency wallets. Lumma is offered as a service, for a subscription fee ranging between $250 and $1,000.

In its analysis, Outpost24's researchers found that Lumma's fourth version comes with a number of new evasion techniques, allowing it to operate alongside most antivirus or endpoint protection services. These techniques include control flow flattening obfuscation, human-mouse activity detection, XOR encrypted strings, support for dynamic configuration files, and enforcement of crypto use on all builds.

Using mouse movement

Of these techniques, the detection of human-mouse activity is the most interesting one, as that's how the infostealer can see if it's running in an antivirus sandbox.
As the researchers explain, the malware tracks the cursor's position and records a series of five distinct positions in intervals of 50 milliseconds. Then, using trigonometry, it analyzes these positions as Euclidean vectors, calculating the angles and vector magnitudes that form the detected movement.

Vector angles below 45 degrees mean the mouse is being operated by a human. If the angles are higher, the infostealer assumes it's being run in a sandbox and stops all activity. It resumes operations once it determines mouse activity as human again. The threshold of 45 degrees is arbitrary, the researchers further stated, suggesting that it's probably based on research data.

Infostealers are a popular hacking tool, as they allow threat actors to gain access to important services, such as social media accounts or email accounts. Furthermore, by stealing banking data or cryptocurrency wallet-related data, the attackers can steal victim funds and crypto tokens.

Via BleepingComputer

======================================================================
Link to news story:
https://www.techradar.com/pro/security/this-malware-uses-trigonometry-to-stop-it-being-detected

--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)
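The five-sample angle check described in the story, modelled as an added example (this is not Outpost24's code or the malware's). It assumes the 45-degree comparison is made between consecutive displacement vectors and that a frozen cursor (zero-length vector) fails the check; the sample traces are constructed. A sandbox operator can run their own recorded cursor emulation through `looks_human` to see whether it would pass this class of heuristic.

```python
"""Model of the cursor-angle heuristic attributed to Lumma Stealer v4."""
import math
from typing import List, Sequence, Tuple

Point = Tuple[float, float]

THRESHOLD_DEG = 45.0    # threshold quoted by the researchers
SAMPLE_COUNT = 5        # positions recorded, 50 ms apart per the article
SAMPLE_INTERVAL_MS = 50


def displacement_vectors(points: Sequence[Point]) -> List[Point]:
    """Turn N cursor positions into the N-1 vectors between successive samples."""
    return [(b[0] - a[0], b[1] - a[1]) for a, b in zip(points, points[1:])]


def magnitude(v: Point) -> float:
    return math.hypot(v[0], v[1])


def angle_between_deg(u: Point, v: Point) -> float:
    """Angle in degrees between two non-zero vectors (dot-product formula)."""
    cos_theta = (u[0] * v[0] + u[1] * v[1]) / (magnitude(u) * magnitude(v))
    cos_theta = max(-1.0, min(1.0, cos_theta))  # clamp floating-point drift
    return math.degrees(math.acos(cos_theta))


def movement_angles(points: Sequence[Point]) -> List[float]:
    """Angles between each pair of consecutive displacement vectors.

    Assumption: a zero-length vector (cursor did not move between samples)
    is reported as 180 degrees so that it fails the human check.
    """
    vecs = displacement_vectors(points)
    return [180.0 if magnitude(u) == 0 or magnitude(v) == 0 else angle_between_deg(u, v)
            for u, v in zip(vecs, vecs[1:])]


def looks_human(points: Sequence[Point], threshold_deg: float = THRESHOLD_DEG) -> bool:
    """True when every turn in the trace is sharper than the threshold, as described."""
    if len(points) != SAMPLE_COUNT:
        raise ValueError(f"expected {SAMPLE_COUNT} samples, got {len(points)}")
    return all(a < threshold_deg for a in movement_angles(points))


# Constructed traces (not real telemetry): a smooth human-like arc,
# a frozen cursor, and abrupt back-and-forth jumps from a naive emulator.
HUMAN_LIKE: List[Point] = [(100, 100), (104, 102), (109, 105), (115, 107), (122, 110)]
STATIONARY: List[Point] = [(300, 300)] * SAMPLE_COUNT
JITTER: List[Point] = [(100, 100), (110, 100), (100, 110), (110, 100), (100, 110)]
```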