If these were laypeople that would then give up, sure.
But I'm surprised that it's even worth malware authors' time to put in these checks. I can't imagine there's even a single case of where it stopped malware researchers in the end. What, so it takes the researchers a few hours or a couple of days longer? Why would malware authors even bother?
(What I can understand is malware that will spread through as many types of systems as possible, but only "activate" the bad behavior on a specific type of system. But that's totally different -- a whitelist related to its intended purpose, not a blacklist to avoid security researchers.)
If these were laypeople that would then give up, sure.
But I'm surprised that it's even worth malware authors' time to put in these checks. I can't imagine there's even a single case of where it stopped malware researchers in the end. What, so it takes the researchers a few hours or a couple of days longer? Why would malware authors even bother?
(What I can understand is malware that will spread through as many types of systems as possible, but only "activate" the bad behavior on a specific type of system. But that's totally different -- a whitelist related to its intended purpose, not a blacklist to avoid security researchers.)