TrickBot malware now checks screen resolution to evade analysis


The infamous TrickBot trojan has started to check the screen resolutions of victims to detect whether the malware is running in a virtual machine.

When researchers analyze malware, they typically do it in a virtual machine that is configured with various analysis tools.

Due to this, malware commonly uses anti-VM techniques to detect whether the malware is running in a virtual machine. If it is, it is most likely being analyzed by a researcher or an automated sandbox system.

Read more…
Source: Bleeping Computer