Security News > 2021 > March > Phishing sites now detect virtual machines to bypass detection

Phishing sites now detect virtual machines to bypass detection
2021-03-15 17:20

Phishing sites are now using JavaScript to evade detection by checking whether a visitor is browsing the site from a virtual machine or headless device.

Cybersecurity firms commonly use headless devices or virtual machines to determine if a website is used for phishing.

To bypass detection, a phishing kit utilizes JavaScript to check whether a browser is running under a virtual machine or without an attached monitor.

The code used by this threat actor appears to have been taken from a 2019 article describing how JavaScript can be used to detect virtual machines.

Fabian Wosar, CTO of cybersecurity firm Emsisoft, told BleepingComputer that security software utilize a variety of methods to scan for and detect phishing sites.

As it's common for researchers and security companies to harden their virtual machines to evade detection by malware, it appears they will now also have to harden them against phishing attacks.


News URL

https://www.bleepingcomputer.com/news/security/phishing-sites-now-detect-virtual-machines-to-bypass-detection/