Malware Uses Trigonometry to Track Mouse Strokes

The latest LummaC2 infostealer version includes a novel anti-sandbox trick to avoid detonating when no human mouse movements are detected.

The latest version of the LummaC2 malware-as-a-service includes a new anti-sandbox maneuver — version 4.0 knows trigonometry and can use it to track mouse movements to detect when a human user is active on a compromised computer.
Sandboxing
lets cybersecurity defenders run untrusted applications in an isolated environment, where its behavior can be tracked safely away from the rest of the network. By only deploying when a human is active, the LummaC2
infostealer
avoids spilling its secrets to threat hunters in a sandbox, by only detonating when operating on a human-controlled computer, where it can actually gain a foothold in the network.
LummaC2 v4.0 continuously tracks and maps
the placement of the machines cursor at five distinct points, until the cursor positions differ widely enough to show human movement, a new report on the development from Outpost 24 explained.
After checking that all five captured cursor positions meet the requirements, LummaC2 v4.0 usestrigonometryto detect human behavior, the report said. If it does not detect this human-like behavior, it will start the process all over again from the beginning.
LummaC2 4.0 is constantly being updated with new features, the report added, including recent improvements to its obfuscation techniques, as well as updates to its control panel.
These incremental upgrades being rolled out by malware developers is a good example of the endless game of chicken being played by cybercriminals and defenders, according to a statement from Andrew Barratt, vice president at Coalfire.
Sandbox detection is a relatively common malware concept these days, Barratt said. Sandbox-based analysts will now have to ensure theyre emulating mouse activity based on actual patterns or that just follows the tracking requirements.
Although the trigonometry angle is interesting, Amelia Buck, a cybersecurity expert with Menlo Security, agrees the new mathed-up malware wont likely be a huge problem for security teams to protect against.
The impact will be limited since the current method to counter anti-sandbox measures is likely to be effective against this technique as well, Buck said in a statement. Its worth noting that the use of trigonometry in this technique adds an interesting element.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Malware Uses Trigonometry to Track Mouse Strokes