The LummaC2 virus was taught to track a mouse using

The LummaC2 virus was taught to track a mouse using trigonometry

Company cybersecurity experts Outpost 24 discovered an updated version of the LummaC2 4.0 virus, which uses trigonometric methods to track the position of the mouse cursor on the screen, thereby determining the user’s presence – this helps him to remain inactive the rest of the time and makes it difficult to learn in the sandbox.

    Image source: Pexels /

Image source: Pexels /

Sandboxing allows cybersecurity professionals to restrict the operating environment of suspicious applications so that their activities can be monitored in isolation from the vulnerable environment. Designed for data theft, LummaC2 4.0 prevents it from falling into the sandbox because it only activates when a person is working on the computer.

The virus tracks the position of the mouse cursor at five key points, causing it to trigger only when the difference between its positions is large enough to indicate a living user – human actions are calculated using trigonometry. If it is not detected, the malware cycle begins again.

LummaC2 4.0 differs from previous versions in other innovations, including more effective obfuscation methods that make the code more difficult to analyze and a more convenient control panel, which is important for a virus sold by developers. Cybersecurity experts note that the innovative mechanism of LummaC2 4.0 makes it a little more difficult to study: you need a mouse emulator based on patterns characteristic of a live user or analysis of the tracking algorithm. Trigonometric analysis methods are of course an ingenious solution, but experts are certain that they are unlikely to be a decisive factor in the spread of the virus.


About the author

Robbie Elmers

Robbie Elmers is a staff writer for Tech News Space, covering software, applications and services.

Add Comment

Click here to post a comment