Detect if being run in virtual machine

[alichtman]

Don't do anything if so.

Maybe this is useful: https://www.cyberciti.biz/faq/linux-determine-virtualization-technology-command/

[alichtman]

It's possible that we can include this RedHat program and just read the output but I think it's unlikely that no non-kernel includes are used. Worth a look.

This article is kernel specific. I'd start here.

https://www.ekkosec.com/blog/2018/3/15/linux-anti-vm-how-does-linux-malware-detect-running-in-a-virtual-machine-

https://www.2daygeek.com/check-linux-system-physical-virtual-machine-virtualization-technology/

https://blog.talosintelligence.com/2009/10/how-does-malware-know-difference.html

https://www.fireeye.com/blog/threat-research/2011/01/the-dead-giveaways-of-vm-aware-malware.html

https://stackoverflow.com/questions/154163/detect-virtualized-os-from-an-application

[arch1904]

Adding some more links https://www.ostechnix.com/check-linux-system-physical-virtual-machine/ https://unix.stackexchange.com/questions/89714/easy-way-to-determine-virtualization-technology https://www.dmo.ca/blog/detecting-virtualization-on-linux/ (article linked in the stackexchange post)