Lumma Stealer malware now uses trigonometry to evade detection
2023-11-20 14:40

The Lumma information-stealing malware is now using an interesting tactic to evade detection by security software: it measures mouse movements using trigonometry to determine whether it is running on a real machine or in an antivirus sandbox.

Lumma is a malware-as-a-service information stealer rented to cybercriminals for a subscription between $250 and $1,000.

A new Outpost24 report on Lumma Stealer version 4.0 found several significant updates to how the malware evades detection and thwarts automated analysis of its samples.

If the calculated vector angles are below 45 degrees, Lumma assumes that the mouse movements aren't emulated by software and allows execution to continue.

Another interesting development concerning the Lumma operation is the requirement to use a crypter to protect the malware executable from leaking to non-paying hackers and threat analysts.

The latest version of the Lumma stealer demonstrates a heightened emphasis on evading analysis, introducing multiple layers of protective measures designed to thwart and complicate any attempts at dissecting and understanding its mechanisms.


News URL

https://www.bleepingcomputer.com/news/security/lumma-stealer-malware-now-uses-trigonometry-to-evade-detection/