CyberNews Briefs

TrickBot malware now checks screen resolution to evade analysis

The notorious TrickBot trojan has evolved again, this time acquiring the ability to check the screen resolution of a victim's machine to detect whether the malware is running on a virtual machine or on an actual device. Researchers typically analyze malware inside a virtual machine outfitted with analysis tools, so malware commonly adopts anti-VM techniques to determine whether it is running in one. Anti-VM checks typically search for Windows services, machine names, or particular processes that indicate the malware is running on a VM.

Cybersecurity firm MalwareLab acquired a new sample of the TrickBot trojan and identified the updates to the malware. TrickBot started as a banking trojan but has evolved over time to perform a wider variety of malicious behavior, including spreading laterally through a network, stealing saved credentials in browsers, stealing cookies and OpenSSH keys, stealing Active Directory Services databases, and more.

OODA Analyst

OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.