The infamous TrickBot trojan has started to check the screen resolutions of victims to detect whether the malware is running in a virtual machine. When researchers analyze malware, they typically do it in a virtual machine that is configured with various analysis tools. Due to this, malware commonly uses anti-VM techniques to detect whether the malware is running in a virtual machine. If it is, it is most likely being analyzed by a researcher or an automated sandbox system. These anti-VM techniques include looking for particular processes, Windows services, or machine names, and even checking network card MAC addresses or CPU features.
Experts Comments
What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.
Be part of our growing Information Security Expert Community (1000+), please register here.
Linkedin Message
@Tarik Saleh, Senior Security Engineer and Malware Researcher, provides expert commentary at @Information Security Buzz.
"It is modular and constantly being updated and has been tied in the past to the Ryuk ransomware and being used to drop other tools. ..."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/trickbot-malware-now-checks-screen-resolution-to-evade-analysis-expert-reaction
Facebook Message
@Tarik Saleh, Senior Security Engineer and Malware Researcher, provides expert commentary at @Information Security Buzz.
"It is modular and constantly being updated and has been tied in the past to the Ryuk ransomware and being used to drop other tools. ..."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/trickbot-malware-now-checks-screen-resolution-to-evade-analysis-expert-reaction