This malware uses trigonometry to stop it from being detected and blocked

The notion that hackers are constantly evolving their tactics has once again been proven, after a new strain of malware was found to be using trigonometry to avoid detection.

Cybersecurity researchers Outpost24 recently analyzed the latest version of Lumma Stealer, a known infostealer malware capable of grabbing passwords stored in popular browsers, cookies, credit card information, and data related to cryptocurrency wallets. Lumma is offered as a service, for a subscription fee ranging between $250 and $1,000.

In its analysis, Outpost24’s researchers found that Lumma’s fourth version comes with a number of new evasion techniques, allowing it to operate next to most antivirus or endpoint protection services. These techniques include control flow flattening obfuscation, human-mouse activity detection, XOR encrypted strings, support for dynamic configuration files, and enforcement of crypto use on all builds.


Using mouse movement

Of these techniques, the detection of human-mouse activity is the most interesting one, as that’s how the infostealer can see if it’s running in an antivirus sandbox. As the researchers explain, the malware tracks the cursor’s position and records a series of five distinct positions in intervals of 50 milliseconds. Then, using trigonometry, it analyzes these positions as Euclidean vectors, calculating the angles and vector magnitudes that form the detected movement.

Vector angles below 45 degrees mean the mouse is being operated by a human. If the angles are higher, the infostealer assumes it’s being run in a sandbox and stops all activity. It resumes operations once it determines mouse activity as human again. 

The threshold of 45 degrees is arbitrary, the researchers further stated, suggesting that it’s probably based on research data. 
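
For sandbox operators, the heuristic described above can be applied to the sandbox's own simulated cursor traces to see which ones it would reject. This is an added example, not code from the article or from Outpost24. It assumes the angle is measured between consecutive movement vectors and that all five positions must differ; the function names and sample traces are constructed for illustration.

```python
import math

ANGLE_LIMIT_DEG = 45.0  # threshold reported in the article
WINDOW = 5              # cursor positions per check, sampled 50 ms apart

def turn_angles(points):
    """Angle in degrees between each pair of consecutive movement vectors."""
    vectors = [(x1 - x0, y1 - y0)
               for (x0, y0), (x1, y1) in zip(points, points[1:])]
    angles = []
    for (ax, ay), (bx, by) in zip(vectors, vectors[1:]):
        magnitudes = math.hypot(ax, ay) * math.hypot(bx, by)
        if magnitudes == 0:
            angles.append(None)  # no movement, so the angle is undefined
            continue
        cosine = (ax * bx + ay * by) / magnitudes
        cosine = max(-1.0, min(1.0, cosine))  # guard against rounding drift
        angles.append(math.degrees(math.acos(cosine)))
    return angles

def window_looks_human(points):
    """True if five distinct positions all turn by less than the limit."""
    if len(points) != WINDOW or len(set(points)) != WINDOW:
        return False
    return all(a is not None and a < ANGLE_LIMIT_DEG for a in turn_angles(points))

def failing_windows(trace):
    """Start indexes of the 5-sample windows in a trace that would be rejected."""
    return [i for i in range(len(trace) - WINDOW + 1)
            if not window_looks_human(trace[i:i + WINDOW])]

# Constructed traces (x, y) in pixels, one sample per 50 ms.
SMOOTH_ARC = [(100, 100), (110, 102), (120, 106), (130, 112), (140, 120)]
CORNER_JUMPS = [(100, 100), (500, 100), (500, 400), (120, 400), (120, 90)]

if __name__ == "__main__":
    for name, trace in (("smooth arc", SMOOTH_ARC), ("corner jumps", CORNER_JUMPS)):
        print(name, [round(a, 1) for a in turn_angles(trace)], failing_windows(trace))
```

A cursor simulator that jumps between screen coordinates produces 90-degree turns and fails every window, while a gently curving path stays well under the limit.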

Infostealers are a popular hacking tool, as they allow threat actors to gain access to important services, such as social media accounts or email accounts. Furthermore, by stealing banking data or cryptocurrency wallet-related data, the attackers can steal victim funds and crypto tokens.

Via BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
