Researchers at Seculert have discovered the latest twist to DGA Changer, which is now able to generate a fake stream of domains if it detects it's being executed in a virtual machine. The group behind the malware has been pretty adept at modifying it to elude sandbox detection in particular. The fake domains generated by the phony stream are registered, and instead serve a dummy executable that does nothing but exit, the researchers say. This is the first time it has generated a fake DGA, they say.
Source: https://threatpost.com/updated-dga-changer-malware-generates-fake-domain-stream/114159/