LummaC2 Malware Deploys New Trigonometry-Based Anti-Sandbox Technique

LummaC2 Malware Deploys New Trigonometry-Based Anti-Sandbox Technique

The stealer malware known as LummaC2 (aka Lumma Stealer) now features a new anti-sandbox technique that leverages the mathematical principle of trigonometry to evade detection and exfiltrate valuable information from infected hosts.

The method is designed to “delay detonation of the sample until human mouse activity is detected,” Outpost24 security researcher Alberto Marín said in a technical report shared with The Hacker News.

Written in the C programming language, LummaC2 has been sold in underground forums since December 2022. The malware has since received iterative updates that make it harder to analyze via control flow flattening and even allow it to deliver additional payloads.

Once all the five cursor positions (P0, P1, P2, P3, and P4) meet the requirements, LummaC2 treats them as Euclidean vectors and calculates the angle that’s formed between two consecutive vectors (P01-P12, P12-P23, and P23-P34).

The development comes amid the emergence of new strains of information stealers and remote access trojans such as BbyStealerTrap StealerPredator AI, and Sayler RAT that are designed to extract a wide range of sensitive data from compromised systems.

Predator AI, an actively maintained project, is also notable for the fact that it can be used to attack many popular cloud services such as AWS, PayPal, Razorpay, and Twilio, in addition to incorporating a ChatGPT API to “make the tool easier to use,” SentinelOne noted earlier this month.