What is Fileless Malware?
Fileless Malware is a type of malware that exists only in RAM – never actually making it onto a computer’s hard drive. Instead, fileless malware leverages operating system tools that are legitimately in use (primarily in Windows) like the system registry to execute malicious scripts. It may also be associated with Microsoft Office Macros, PowerShell, and more.
How to Recognize This Threat: Because it doesn’t depend on the download, installation, or execution of a file on a system, fileless malware is quite difficult to detect. Traditional anti-virus packages rely on the signatures of executable files to sniff out malware, but fileless malware leaves no such signature. In fact, in many cases it only runs when the legitimate process it’s associated with is running as well. And adding an additional measure of difficulty, it only runs when the computer is running and is gone without a trace when it’s rebooted. Fileless malware can infect a system through Office documents, PDFs, or other legitimate file types, or it can come through simple web browsing on an exploit-kit affected site.
How to Prevent This Threat: Users should exercise due diligence in their online behaviors, only going to trusted sites, only opening trusted emails, and only downloading trusted attachments. Admins should closely monitor network activity as well. However, as it is so difficult to detect, behavior and monitoring is not enough. While legacy anti-virus programs are little help, security solution providers of today use machine learning and AI processes that can detect and stop non-signature based malware like fileless malware. That means protecting your network and each computer on it requires have up-to-date endpoint security protection in addition to a firewall with security services.