LummaC2 Stealer’s New Anti-Sandbox Technique? Trigonometry

New research by Outpost24 has revealed that malware developers are using sandbox evasion techniques to avoid exposing malicious behaviour inside the sandboxes in which security researchers analyse malware. Outpost24's threat intelligence team, KrakenLabs, discovered that the LummaC2 stealer applies trigonometry to a series of sampled cursor positions to decide whether a real human is moving the mouse, and withholds its malicious behaviour when it concludes it is running under automated analysis.
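To make the idea concrete, the following is an added example written for this page; it is not LummaC2's code and not Outpost24's analysis tooling. It reproduces the general shape of an angle-based "is a human moving the mouse?" check: sample a few cursor positions, require each to differ from its predecessor, and then reject the sample if the direction of travel turns too sharply between consecutive movement vectors. The 45-degree threshold, the five-sample window and the cursor traces are all assumptions constructed for the example; the check is written in integer arithmetic (cos²(45°) = 1/2) so it needs no libm.

```c
#include <stddef.h>
#include <stdio.h>

/* A sampled cursor position, as GetCursorPos() would fill in on Windows. */
typedef struct { long x, y; } cursor_pos;

/* Returns 1 if the turn from vector (b - a) to vector (c - b) is sharper
 * than 45 degrees (an assumed threshold for this example), else 0.
 * Because cos^2(45deg) = 1/2, "angle > 45deg" is equivalent to
 *     dot < 0   or   2 * dot^2 < |v1|^2 * |v2|^2
 * which needs no floating point. A zero-length vector (cursor did not
 * move) is treated as sharp, since no angle can be defined for it. */
int sharp_turn(cursor_pos a, cursor_pos b, cursor_pos c) {
    long long v1x = b.x - a.x, v1y = b.y - a.y;
    long long v2x = c.x - b.x, v2y = c.y - b.y;
    long long dot = v1x * v2x + v1y * v2y;
    long long n1 = v1x * v1x + v1y * v1y;   /* |v1|^2 */
    long long n2 = v2x * v2x + v2y * v2y;   /* |v2|^2 */
    if (n1 == 0 || n2 == 0) return 1;
    if (dot < 0) return 1;                  /* angle already > 90deg */
    return 2 * dot * dot < n1 * n2;
}

/* Two-stage check on n sampled positions: every position must differ from
 * its predecessor (an idle cursor is the classic sandbox tell), and no two
 * consecutive movement vectors may form a sharp turn (human mouse motion is
 * mostly smooth, while emulated or scripted motion often is not).
 * Returns 1 for human-like input, 0 otherwise. */
int looks_human(const cursor_pos *p, size_t n) {
    size_t i;
    if (n < 3) return 0;
    for (i = 1; i < n; i++)
        if (p[i].x == p[i - 1].x && p[i].y == p[i - 1].y) return 0;
    for (i = 2; i < n; i++)
        if (sharp_turn(p[i - 2], p[i - 1], p[i])) return 0;
    return 1;
}

/* Constructed sample traces (not captured data). */
int sample_smooth_drag(void) {            /* gentle curve, like a real hand */
    static const cursor_pos p[] = {
        {100, 100}, {110, 108}, {121, 115}, {130, 124}, {142, 131}
    };
    return looks_human(p, sizeof p / sizeof p[0]);
}

int sample_idle_cursor(void) {            /* cursor never moves */
    static const cursor_pos p[] = {
        {500, 500}, {500, 500}, {500, 500}, {500, 500}, {500, 500}
    };
    return looks_human(p, sizeof p / sizeof p[0]);
}

int sample_right_angles(void) {           /* scripted box-shaped path */
    static const cursor_pos p[] = {
        {100, 100}, {300, 100}, {300, 300}, {100, 300}, {100, 100}
    };
    return looks_human(p, sizeof p / sizeof p[0]);
}

int main(void) {
    printf("smooth drag  -> %s\n", sample_smooth_drag()  ? "human" : "automated");
    printf("idle cursor  -> %s\n", sample_idle_cursor()  ? "human" : "automated");
    printf("right angles -> %s\n", sample_right_angles() ? "human" : "automated");
    return 0;
}
```

Two practical consequences follow from the shape of this check. A sandbox that merely moves the cursor is not enough; it has to move it along a plausibly smooth path, and it has to be doing so during the sampling window, so a fixed jitter script or a single "wiggle" at boot can still fail. Conversely, an analyst who wants to force the sample to execute can bypass the whole decision rather than fake the motion, for example by patching the comparison or returning from the check early in a debugger.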


The Malware-as-a-Service (MaaS) model poses a significant threat in the realm of cybersecurity. This model allows individuals or groups with limited technical expertise to access and deploy sophisticated malware tools and services, often developed by more skilled cybercriminals. The ease of access to such malicious tools has contributed to an increase in the number and complexity of cyberattacks.


Anti-analysis techniques have been the bane of many security analysts, and they have been part of malware practically since its inception. As the name implies, these techniques are designed to prevent the analysis and understanding of the software they protect, typically by making the code harder to read or by preventing the malware from executing in controlled environments. As in every other area of cybersecurity, malware developers and analysts play a game of cat and mouse: developers devise new ways to detect analysis environments, while analysts work on ways to disable or undo them.


Since December 2022, LummaC2, an information stealer written in C, has been sold on underground forums. KrakenLabs previously published an