Trickbot Malware Using Screen Resolution Checks as Anti-VM Tactic

Security researchers spotted Trickbot malware checking the screen resolution as a means of evading analysis on a virtual machine (VM).

Digital security firm MalwareLab came across a sample of the trojan that checked to see whether a computer’s screen resolution was either 800×600 or 1024×768. It then terminated if it found that the screen resolution matched either of those specifications.

The screen resolution check performed by Trickbot. (Source: Bleeping Computer)

These particular screen resolutions aren’t arbitrary. Bleeping Computer explains that those settings both have to do with how security researchers configure a virtual machine by not installing guest software that allows for better screen resolutions:

The software is not installed as malware commonly checks for files, registry keys, and processes used by the virtual machine guest software.

Without the guest software, though, a virtual machine will typically not allow any resolutions other than 800×600 and 1024×768, compared to ordinary screen resolutions that are much higher.

As a result, this new check helped Trickbot to determine whether it had landed on a virtual machine and in security researchers’ cross-hairs. It terminated itself if it discovered the presence of those screen resolutions, thereby preventing security researchers who were using a VM from analyzing it.

This discovery wasn’t the first time that Trickbot made headlines in 2020. Back in mid-April, for instance, security researchers revealed that Trickbot was the most prolific malware in terms of COVID-19 lures. That was less than two months before analysts uncovered a malicious email campaign that leveraged a fake Black Lives Matter voting campaign to ..
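
The resolution check described above can be turned around as a pre-detonation audit of analysis guests. The following is an added example, not code from MalwareLab, Bleeping Computer or this article; the guest names and inventory rows are constructed, and the CSV layout (columns named after the WMI Win32_VideoController properties) is an assumption.

```python
import csv
import io

# Resolutions the article says the Trickbot sample treated as a VM indicator.
FLAGGED = {(800, 600), (1024, 768)}

# Constructed sample: one row per analysis guest. Column names follow the
# WMI Win32_VideoController properties; the export layout is an assumption.
SAMPLE_INVENTORY = """\
Node,CurrentHorizontalResolution,CurrentVerticalResolution
SBX-WIN10-01,1024,768
SBX-WIN10-02,1920,1080
SBX-WIN7-01,800,600
SBX-WIN10-03,,
SBX-WIN10-04,1366,768
"""


def audit_guests(inventory_csv):
    """Return (exposed, unknown) lists of guest names.

    exposed: guests whose resolution matches one the sample exits on.
    unknown: guests that reported no usable resolution (for example an
             inactive adapter); these need a manual look, not a pass.
    """
    exposed, unknown = [], []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        node = (row.get("Node") or "").strip()
        if not node:
            continue  # skip blank lines in the export
        try:
            width = int(row["CurrentHorizontalResolution"])
            height = int(row["CurrentVerticalResolution"])
        except (KeyError, TypeError, ValueError):
            unknown.append(node)
            continue
        if (width, height) in FLAGGED:
            exposed.append(node)
    return exposed, unknown


if __name__ == "__main__":
    exposed, unknown = audit_guests(SAMPLE_INVENTORY)
    for name in exposed:
        print(f"{name}: resolution matches the anti-VM check; change it before detonation")
    for name in unknown:
        print(f"{name}: no resolution reported; verify manually")
```

Guests listed as exposed would cause a sample with this check to exit before showing any behaviour, so their display settings should be changed before they are used for analysis.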
