[Question] How do I prevent scammers from blacking the screen in a virtual machine?

Hi Folks!
This is my first time registered here

I set up scambaiting VMs for my partner to use when scambaiting. He’s not as technical as I am so I make the machines for him. I’m wondering how people prevent scammers from using “blank screen” and “prevent remote input” on their virtual machines. I’ve seen in done in scambaiting videos but I’d like to employ some of the same techniques to make my VMs a bit more robust and so I can see what they’re doing.

I think TeamViewer doesn’t allow free users to blank screen any more, but it’s still in AnyDesk and GoToAssist and many others, and I’m wondering how to work around it.

Thanks!

I think there is no way to work around the blank screen in other remote access software (or at least i haven’t still found a way)

The only way on how to work around the blank screen is the ‘social engineering’ way. When the scammer asks you if your screen is blank, say no - i can still see the desktop. Then they might toggle it off. Then tell them it’s blank.

Send CTRL+Alt+Del Then You will Be Able To Move The Mouse And See The Screen

Welcome jcx !

Thank you!

I’ve heard that you could also RAT your own machine, so you can always see. It’s been a while, is nanocore still the go to for that?

That’s what I was thinking BUT it does mean you’ll need another VM running. Kitboga has figured out how, some of his videos show that but not how to.

Quasar RAT works

In that case you should be able to remote desktop into it. That should be less tricky than RATTING. ( RDP into your VM from your host )

yes by running anydesk on your host machine you can see whats going on in the VM and the scammer will be none the wiser

I think they would see a second Anydex ID connected no? Or they are not smart enough to notice?

I would think the RAT option is a good idea, but you have to have a clean RAT. Also they tend to be kind of clunky with streaming the desktop.

Could try VNC server and hide it?

No they wouldn’t see a second anydesk id especially if you are able to run it as background and hide it that way. Also Anydesk is a clean RAT so there is no need to use anything like nanocore or prorat. As that’s just risky and is more likely to hurt you than help you

I thought it showed all the users connected in the one connection window? Maybe I am thinking of TeamViewer but I never use that anymore I only use AnyDesk.

I would think them finding a RAT on the machine would be nothing out of the ordinary, they are “tech support” so they probably encounter legitimately infected computers. If you mean slowing down the VM yeah but not an issue with 32 cores and 128GB memory.

With anydesk each connection gets its own window so u can hide individual stuff if u put in a bit of work. Vnc would also probably work but if it opens a window still probably better to run on background. Python or java could also be used as they are very easy to run on startup or something

Thanks for the extra replies! I never thought of using a hidden VNC process to keep connected if the screen is blank.

In my machine I’ve test-signed the VM additions so I can hide them better so hiding a VNC process shouldn’t be too difficult either

Yeah, I can see the issues getting a clean copy of a RAT, although I do like the idea of using Anydesk, since that’s one of the things they often use themselves, so they’re not likely to delete it, are they?