How Malware Uses Screen Resolution to Avoid Detection – Digitalmunition






This topic contains 1 reply, has 2 voices, and was last updated by  mscaff 1 month, 2 weeks ago.

  • Author
    Posts
  • #291420

    anonymous
    Participant


    How Malware Uses Screen Resolution to Avoid Detection

  • #291422

    mscaff

    There’s a lot more markers than just screen resolution that give away a virtualised environment though?

  • #291423

    jdriscoll0129

    So set my screen resolution to one of those and it’s basically free anti virus?

  • #291424

    artagel

    This has been going on for years. Also, you can use screen resolution in the same way to verify you are on the target OS/device you want.

  • #291425

    robwashere

    Can anyone ELI5? 🙂

  • #291426

    zombiere4

    So I could just switch my resolution when I open a download, wait for it to self detonate and then switch back?

  • #291427

    JonnyRocks

    Windows Sandbox uses your native resolution, I also don’t know how virtualized it is. I think Windows Sandbox is just a sectioned off area. I always use it to test files.

  • #291428

    h420n

    Just use Qubes guys

  • #291429

    PiratusInteruptus

    >As a result, researchers sometimes don’t install the VM’s guest software. This software enables additional features such as higher screen resolutions, which the researcher doesn’t really need. If the user doesn’t use the guest software, the VM typically locks the user into one of two low resolutions: 800×600 and 1024×768.

    Who, in 2020, is running VMs at 800×600?

  • #291430

    Chj_8

    This is very useful. Thank you for the info.

  • #291431

    ibraheemMmoosa

    I guess we should have developed separate Virtual Machine software focused on malware testing scenarios.

  • #291432

    TheDevilsAdvokaat

    That was interesting. You have to wonder how many other obvious markers there are that suggest you’re on a virtual machine rather than a real one.

    In fact maybe researchers should create a program whose sole purpose is to try to determine whether or not it's running on a VM. They would learn from this.

  • #291433

    _DarkAmethyst_

    Man this is dangerous. Thanks for the info man

  • #291434

    mTbzz

    MFW I’m protected against malware cause I use 1024 for some reasons lmao.

  • #291435

    godsrebel

    Yeah, Tor Browser even advises you to have a minimum in the browser window. Nice evasion to use

  • #291436

    Oshnoritsu

    Can you run stuff like Kali Linux/Tor from a USB stick?

  • #291437

    Takewondosemaster

    Imagine, if you will, a Tor browser where every other user is a bot except YOU. Now imagine this Tor is available on the App Store and gets 5 stars. All the cool kids are using it.
