
TrickBot Checks Screen Resolution to Avoid Detection with a twist


Last Updated on 01/12/2021 by Sunaina

It’s nothing new for TrickBot operators to try to avoid detection and analysis by checking the screen resolution of a victim’s system. Only a year ago, the TrickBot gang added a feature to its malware that terminated the infection chain if a non-standard screen resolution was detected on the device.

A threat hunter and member of the Cryptolaemus security group recently discovered an HTML attachment posing as an insurance purchase alert. On a physical system, the spam email's attachment downloads a ZIP archive; in a virtual environment, it redirects the victim to the American Broadcasting Company (ABC) website. The script tells the two apart by checking whether the web browser uses a software renderer such as SwiftShader, VirtualBox, or LLVMpipe, which usually implies a virtual machine. The script also examines the screen's colour depth, height, and width.

Researchers claim that this is the first time a gang has used a script in an HTML attachment to check for screen resolution.

When you open the email attachment in your default web browser, the HTML file from the campaign is launched. A message appears informing users that the document is being loaded. It then requests a password to gain access to it. The infection chain on a regular user’s machine begins with the download of a ZIP archive containing the TrickBot executable. This method of downloading malware is known as HTML smuggling, and it works by including JavaScript code encoded in an HTML file, which bypasses a browser’s content filters and sneaks malicious files onto a compromised system.

TrickBot operators are now using device screen resolutions to determine whether the targeted environment is virtual or not. Organizations need a tool that can examine files based on their behaviour and deliver reports on significant system changes to stay protected from such threats.
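
As an added example (not code from the campaign or from the researchers), here is a static triage check an analyst or mail gateway could run over an HTML attachment. It flags inline scripts that combine the environment checks described above (software renderer names, screen properties) with HTML-smuggling primitives; the patterns, thresholds and verdict names are assumptions.

```javascript
// Added example: static triage of an HTML attachment (Node.js, no dependencies).
// Indicator groups follow the article; patterns, thresholds and verdict names are assumptions.
const INDICATORS = {
  rendererQuery: [/WEBGL_debug_renderer_info/i, /UNMASKED_RENDERER_WEBGL/i],
  vmRenderer: [/swiftshader/i, /llvmpipe/i, /virtualbox/i],
  screenProps: [/screen\.width/i, /screen\.height/i, /screen\.colorDepth/i],
  smuggling: [/new\s+Blob\s*\(/, /createObjectURL/, /\.download\s*=/, /\batob\s*\(/],
};

// Concatenate the bodies of all inline <script> elements.
function extractScripts(html) {
  const re = /<script\b[^>]*>([\s\S]*?)<\/script\s*>/gi;
  const bodies = [];
  let m;
  while ((m = re.exec(html)) !== null) bodies.push(m[1]);
  return bodies.join("\n");
}

// Count matching patterns per group and derive a verdict.
function scoreAttachment(html) {
  const js = extractScripts(html);
  const hits = {};
  for (const [group, patterns] of Object.entries(INDICATORS)) {
    hits[group] = patterns.filter((p) => p.test(js)).length;
  }
  // Environment check: renderer query naming a VM renderer, or 2+ screen properties read.
  const fingerprint =
    (hits.rendererQuery > 0 && hits.vmRenderer > 0) || hits.screenProps >= 2;
  const smuggling = hits.smuggling >= 2; // e.g. Blob plus object URL
  let verdict = "none";
  if (fingerprint && smuggling) verdict = "evasion+smuggling";
  else if (smuggling) verdict = "smuggling";
  else if (fingerprint) verdict = "fingerprinting";
  return { verdict, hits };
}

// Constructed, inert samples (undefined variables, no payload).
const SAMPLE_GATED = `<html><script>
var r = gl.getParameter(ext.UNMASKED_RENDERER_WEBGL);
var vm = /swiftshader|llvmpipe|virtualbox/i.test(r);
var dims = [screen.width, screen.height, screen.colorDepth];
var blob = new Blob([atob("QUJD")], {type: "application/zip"});
link.href = URL.createObjectURL(blob); link.download = "doc.zip";
</script></html>`;
const SAMPLE_EXPORT = `<script>var b = new Blob([csv]); a.href = URL.createObjectURL(b);</script>`;
const SAMPLE_LAYOUT = `<script>if (screen.width < 600) document.body.className = "m";</script>`;

[SAMPLE_GATED, SAMPLE_EXPORT, SAMPLE_LAYOUT].forEach((s) => console.log(scoreAttachment(s).verdict));
```

String matching of this kind only sees unobfuscated script, so it complements rather than replaces the behaviour-based analysis recommended above.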
