November 20, 2023 at 05:06PM
The latest version of the LummaC2 malware-as-a-service has a new anti-sandbox feature. Version 4.0 uses trigonometry to track mouse movements and detect when a human user is active on a compromised computer. Deploying only when a human is active allows the malware to avoid detection in sandboxes and gain access to the network. While the use of trigonometry is interesting, security teams are likely to find effective methods to counter this technique.
Key Takeaways:
– The latest version of the LummaC2 malware-as-a-service, version 4.0, includes an anti-sandbox maneuver.
– This version of LummaC2 uses trigonometry to track mouse movements and detect human user activity on compromised computers.
– By deploying only when a human is active, LummaC2 avoids detection in sandbox environments.
– The malware continuously tracks and maps the placement of the cursor at multiple points to detect human movement.
– LummaC2 4.0 is constantly being updated with new features, including improvements to obfuscation techniques and updates to its control panel.
– Malware developers are engaged in an ongoing game with defenders, continually evolving their techniques.
– While the use of trigonometry is interesting, security teams believe current countermeasures against anti-sandbox measures will likely be effective against this technique as well.
Overall, LummaC2 version 4.0 introduces new techniques to evade detection in sandbox environments, but security experts are confident that current countermeasures will remain effective against this malware.