Banking Trojan Uses Mouse Movements to Distinguish Users From Virtual Machines

  • 25 July 2017
  • 0 replies
  • 141 views

Userlevel 7
Badge +54
25th July 2017  By Catalin Cimpanu
 


 
In July 2017, security researchers have spotted a new version of the proficient Ursnif banking trojan that comes with a clever trick to avoid sandbox environments and automated virtual machines by using mouse movements to detect if a real user is interacting with the computer.
 
The general idea is to detect if the mouse cursor's position moves, something that does not happen in security testing and malware analysis environments, where the mouse cursor remains in the same position during the entire scanning and analysis operations.
 
Full Article.
 

0 replies

Be the first to reply!

Reply