Phishing Sites Now Able To Detect Virtual Machines
MalwareHunterTeam has discovered a script that checks the visitor’s screen width and height and uses the WebGL API to query the rendering engine used by the browser.
The script first checks whether the browser uses a software renderer, such as SwiftShader, LLVMpipe, or VirtualBox; the presence of a software renderer is an indication that the browser is running within a virtual machine. The script also checks whether the visitor’s screen color depth is less than 24 bits, or whether the screen height and width are less than 100 pixels.
If the script detects any of these conditions, the phishing page displays a message in the browser’s developer console while showing an empty page to the visitor.
Interestingly enough, if the browser is using a regular hardware rendering engine and a standard screen size, the script will display the phishing landing page.
Fabian Wosar, the CTO of a known cybersecurity firm, said that security software utilizes a variety of methods to scan for and detect phishing sites, including signature matching and visual machine using machine learning.
It’s a daily task for researchers and security companies to harden their virtual machines to evade detection by malware, and from now on it seems that they will also have to better prepare them against phishing attacks.
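To see whether an analysis browser would trip the conditions described above, the following audit reports which of them a given environment meets. It is an added example, not the script MalwareHunterTeam found; the function names and sample fingerprints are constructed for illustration, and flagging either screen dimension below 100 pixels is an assumption that takes the stricter reading of the article.

```javascript
// Added example: audit an analysis browser against the checks in the article.
// auditFingerprint and collectFingerprint are hypothetical names.
const SOFTWARE_RENDERERS = ["swiftshader", "llvmpipe", "virtualbox"];

// Returns the conditions from the article that this fingerprint meets.
// An empty array means none of the described checks would fire.
function auditFingerprint(fp) {
  const findings = [];
  const renderer = String(fp.renderer || "").toLowerCase();
  const hit = SOFTWARE_RENDERERS.find((name) => renderer.includes(name));
  if (hit) findings.push(`software renderer reported (${hit})`);
  if (fp.colorDepth < 24) findings.push(`color depth ${fp.colorDepth} is below 24 bits`);
  // Assumption: flag either dimension under 100 px (stricter than "height and width").
  if (fp.width < 100 || fp.height < 100) {
    findings.push(`screen ${fp.width}x${fp.height} is under 100 pixels`);
  }
  return findings;
}

// Browser only: read the same values a page can see through WebGL and screen.
function collectFingerprint() {
  const gl = document.createElement("canvas").getContext("webgl");
  const ext = gl && gl.getExtension("WEBGL_debug_renderer_info");
  let renderer = "";
  if (ext) renderer = gl.getParameter(ext.UNMASKED_RENDERER_WEBGL);
  else if (gl) renderer = gl.getParameter(gl.RENDERER);
  return { renderer, colorDepth: screen.colorDepth, width: screen.width, height: screen.height };
}

// Constructed sample fingerprints, used when the file is run outside a browser.
const SAMPLES = {
  defaultVm: { renderer: "Google SwiftShader", colorDepth: 24, width: 1024, height: 768 },
  tinyHeadless: { renderer: "llvmpipe (constructed)", colorDepth: 16, width: 80, height: 60 },
  hardware: { renderer: "ANGLE (Example GPU, constructed)", colorDepth: 24, width: 1920, height: 1080 },
};

if (typeof document !== "undefined") {
  console.log("this browser:", auditFingerprint(collectFingerprint()));
} else {
  for (const [name, fp] of Object.entries(SAMPLES)) {
    console.log(name, auditFingerprint(fp));
  }
}
```

Pasted into the developer console of the analysis VM's browser, it audits that browser; run with Node, it audits the constructed samples.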