Phishing sites are now using JavaScript to evade detection by checking whether a visitor is browsing the site from a virtual machine or headless device. The script checks the width and height of the visitor’s screen and uses the WebGL API to query the rendering engine used by the browser. If it finds any signs of an analysis attempt, it shows a blank page instead of the phishing page. The code used by this threat actor appears to have been taken from a 2019 article describing how JavaScript can be used to detect virtual machines.
Source: https://www.bleepingcomputer.com/news/security/phishing-sites-now-detect-virtual-machines-to-bypass-detection/
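
A defender-side triage check for the behaviour described above, added here as an example (it is not code from the article or from the phishing kit): it flags inline scripts that read both the WebGL renderer string and the screen dimensions. The function names, verdict labels and sample page are assumptions constructed for illustration, and obfuscated scripts would need deobfuscation before this matching applies.

```javascript
// Patterns for the two checks the summary describes. The WebGL names are the
// standard extension and parameter used to read the GPU renderer string.
const WEBGL_RENDERER = /WEBGL_debug_renderer_info|UNMASKED_RENDERER_WEBGL/;
// Matches screen.width, window.screen.height and screen['width'], not screenWidth.
const SCREEN_SIZE = /\bscreen\s*(?:\.\s*|\[\s*['"])(?:width|height)\b/;

// Pull the bodies of inline <script> elements out of fetched HTML.
function extractInlineScripts(html) {
  const bodies = [];
  const re = /<script\b[^>]*>([\s\S]*?)<\/script\s*>/gi;
  let m;
  while ((m = re.exec(html)) !== null) {
    if (m[1].trim()) bodies.push(m[1]);
  }
  return bodies;
}

// Classify one script. Both checks together merit analyst review; either one
// alone is common in analytics and responsive-layout code, so it is only "weak".
function triageScript(src) {
  const webgl = WEBGL_RENDERER.test(src);
  const screen = SCREEN_SIZE.test(src);
  const verdict = webgl && screen ? 'review' : webgl || screen ? 'weak' : 'none';
  return { webgl, screen, verdict };
}

// Triage every inline script on a page, in document order.
function triagePage(html) {
  return extractInlineScripts(html).map(triageScript);
}

// Constructed sample page (hypothetical, not taken from any real site).
const SAMPLE_PAGE = `<html><body>
<script>var w = window.screen.width, h = window.screen.height; layout(w, h);</script>
<script>
  var gl = document.createElement('canvas').getContext('webgl');
  var ext = gl.getExtension('WEBGL_debug_renderer_info');
  var renderer = gl.getParameter(ext.UNMASKED_RENDERER_WEBGL);
  var size = [screen.width, screen.height];
</script>
<script>console.log('hello');</script>
</body></html>`;

console.log(triagePage(SAMPLE_PAGE));
```
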

