ePrivacy and GPDR Cookie Consent by Cookie Consent
How Malware Uses Screen Resolution to Avoid Detection – Digitalmunition


Home Forums How Malware Uses Screen Resolution to Avoid Detection

This topic contains 1 reply, has 2 voices, and was last updated by  mscaff 1 month, 2 weeks ago.

  • Author
  • #291420


    How Malware Uses Screen Resolution to Avoid Detection

  • #291422


    There’s a lot more markers than just screen resolution that give away a virtualised environment though?

  • #291423


    So set my screen resolution to one of those and it’s basically free anti virus?

  • #291424


    This has been going on for years. Also, you can use screen resolution in the same way to verify you are on the target osdevice you want.

  • #291425


    Can anyone ELI5? 🙂

  • #291426


    So i could just switch my resolution when i open a download, wait for it to self detonate and then switch back?

  • #291427


    Windows Sandbox uses your native resolution, I also don’t know how virtualized it is. I think windows sandbox is just a sectioned off area. I always use it to test files.

  • #291428


    Just use Qubes guys

  • #291429


    >As a result, researchers sometimes don’t install the VM’s guest software. This software enables additional features such as higher screen resolutions, which the researcher doesn’t really need. If the user doesn’t use the guest software, the VM typically locks the user into one of two low resolutions: 800×600 and 1024×768.

    Who, in 2020, is running VMs at 800×600?

  • #291430


    This is very useful. Thank you for the info.

  • #291431


    I guess we should have developed separate Virtual Machine software focused on malware testing scenarios.

  • #291432


    That was interesting. You have to wonder how many other obvious markers there are that suggest you’re on a virtual machine rather than a real one.

    In fact maybe researchers should create a program whose sole purpose is to try to determine whether or not it;s running on a VM. They would learn from this.

  • #291433


    Man this is dangerous. Thanks for the info man

  • #291434


    MFW i’m protected against malware cause i use 1024 for some reasons lmao.

  • #291435


    Yeah, tor browser even advices you to have a minimum in the browser window. Nice evasion to use

  • #291436


    Can you run stuff like Kali Linux/Tor from a USB stick?

  • #291437


    Imagine, if you will, a Tor browser where every other user is a bot except YOU. Now imagine this Tor is available on the App Store and gets 5 stars. All the cool kids are using it.

You must be logged in to reply to this topic.