
TrickBot phishing checks screen resolution to evade researchers
2021-11-26 18:02

The TrickBot malware operators have been using a new method that checks the screen resolution of a victim system to evade detection by security software and analysis by researchers.

Last year, the TrickBot gang added a new feature to their malware that terminated the infection chain if a device was using non-standard screen resolutions of 800x600 and 1024x768.

Researchers usually analyze malware in virtual machines, which have certain telltale characteristics, especially in default configurations: running services, the machine name, the network card, CPU features, and screen resolution.

In TrickBot malware samples found last year, the executable included JavaScript code that verified the screen resolution of the system it was running on.

Security researcher MalwareHunterTeam found in March this year a phishing kit that included code for checking the system's screen resolution.

The script also checks whether the color depth of the visitor's screen is less than 24 bits, or whether the screen height and width are less than 100 pixels.
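A static triage check for the comparisons described above, as an added example that is not code from the article, the phishing kit, or TrickBot. The function names and both sample scripts are constructed for illustration; only the resolution, color-depth and size values come from the text.

```javascript
// Added example: static triage of page JavaScript for screen-based sandbox checks.
// Values come from the article; names and sample scripts are constructed.
const VM_DIMS = new Set([800, 600, 1024, 768]); // from 800x600 and 1024x768
const CMP = /\b(?:window\.)?screen\.(width|height|colorDepth)\s*(===|==|<=|<)\s*(\d+)/g;

// Return one finding per comparison that matches a pattern the article describes.
function findScreenChecks(source) {
  const findings = [];
  for (const [expr, prop, op, lit] of source.matchAll(CMP)) {
    const value = Number(lit);
    let reason = null;
    if (prop === "colorDepth") {
      if (op.startsWith("<") && value <= 24) reason = "low-color-depth";
    } else if (op.startsWith("=") && VM_DIMS.has(value)) {
      reason = "vm-default-resolution";
    } else if (op.startsWith("<") && value <= 100) {
      reason = "tiny-screen";
    }
    if (reason) findings.push({ expr, prop, reason });
  }
  return findings;
}

// Collapse findings into a verdict an analyst can sort on.
function verdict(source) {
  const reasons = [...new Set(findScreenChecks(source).map((f) => f.reason))].sort();
  return { suspicious: reasons.length > 0, reasons };
}

// Constructed sample: the checks described in the article, with a neutral action.
const SAMPLE_EVASIVE = `
  if ((screen.width == 800 && screen.height == 600) ||
      (screen.width == 1024 && screen.height == 768) ||
      screen.colorDepth < 24 || screen.height < 100 || screen.width < 100) {
    skip = true;
  }`;

// Constructed sample: ordinary responsive-layout code that must not be flagged.
const SAMPLE_BENIGN = `
  if (window.screen.width < 768) { useMobileLayout(); }
  var ratio = screen.width / screen.height;`;

console.log(verdict(SAMPLE_EVASIVE));
console.log(verdict(SAMPLE_BENIGN));
```

A hit is a triage signal for manual review, since legitimate pages occasionally compare against exact resolutions as well.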


News URL

https://www.bleepingcomputer.com/news/security/trickbot-phishing-checks-screen-resolution-to-evade-researchers/