Researchers Discover Trap Flag in the Intel CPU Register That Can be Abused to Evade Sandbox Detection

Unit 42 has discovered a specific single bit (Trap Flag) in the Intel CPU register that can be abused by malware to evade sandbox detection and discern whether it is executing in a VM or not.