That's a funny way to combat Russian made malware but I think Russian malware checks which keyboard language you are currently using and not which ones are in total present on your OS.
Nope, it checks which keyboards are installed in these reg entries, not which are currently used. That's the well-known windows trick every ms admin should know
Is there a way to check which one is currently in use? There must be. So Russians are slacking on this one? Also they could check in which language are files and folders named or they could check timezone or something. Years ago I loved to read malware RE articles and I remember they also checked for Belarussian, Ukrainian and most of the ex-USSR countries' languages. Isn't the most efficient way to check external IP address of the device, ofc if it has one.
geolocations of IPs change all the time, malware would need to speak to some server somewhere to get a current list. the russian keyboard method doesnt have the same risk of discovery
Yea I know and some computers might not be connected to the internet but to some local network and tbh 99% of people won't install Russian or some ex-USSR language packs just to potentially protect from Russian made malware.
