Fileless Malware: A New Trend?

by Adam
August 18, 2022

Fileless malware is a significant threat that is difficult to detect. A secondary concern is that it can often bypass current security controls and penetrate the system through the attack surface of legitimate programs. Fileless malware is not always easy to understand. Here we take a closer look at fileless malware and the different ways it compromises users at the micro level.

What is Fileless Malware?

Fileless malware is a type of malicious software that does not require installation on the computer. Such malware hides in the computer system and piggybacks on legitimate programs to perform malicious activity. Fileless malware is not file-based but memory-based. In other words, it leaves no footprint to be detected.

Fileless malware is malicious code injected into a running process and executed only in RAM. It exploits a system vulnerability and writes itself directly into memory. Fileless malware attacks can be hidden within documents.

What does Fileless Malware do?

Fileless malware, like regular malware, uses a computer’s system software, applications, and protocols to carry out malicious activity. Fileless malware activity ends when the system reboots.

Examples of such activities can be the following: 

  • Phishing emails
  • Malicious downloads
  • Malicious code injection in the already installed applications
  • Legitimate-looking malicious websites (which allow the code to run in the browser's memory)
  • Exploiting system vulnerability
  • Initial access for stealing credentials or information

What are the types of Fileless Malware attacks?

Script-based attack

A script-based attack is not completely fileless but is still difficult to spot. A script-based attack, such as SamSam ransomware, is a semi-fileless attack whose payload cannot be analysed without the initial script. The only way to capture the attack is to spot it while it happens.

Windows registry manipulation

It involves a malicious file that uses a normal Windows process to write fileless code into the registry.
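
One way a defender can hunt for code stored in the registry, as an added example that is not part of the original article: the Python below scans `reg query <key> /s` style output for autorun values that launch a script host and for values holding long encoded blobs. The heuristics, the 200-character threshold, the key names and the sample data are assumptions constructed for illustration.

```python
import re

# Heuristics are assumptions chosen for illustration, not a complete rule set.
SCRIPT_HOSTS = re.compile(
    r"\b(powershell|pwsh|mshta|wscript|cscript|rundll32|regsvr32)(\.exe)?\b", re.I)
ENCODED_BLOB = re.compile(r"[A-Za-z0-9+/=]{200,}")  # long base64-looking run
AUTORUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?$", re.I)

def parse_reg_query(text):
    """Yield (key, name, type, data) from `reg query <key> /s` style output."""
    key = None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
        elif line.startswith("    ") and key:
            # Value lines are indented; fields are separated by four spaces.
            parts = line.strip().split("    ", 2)
            if len(parts) == 3:
                yield (key, *parts)

def findings(text):
    """Return (key, value name, reason) for values worth a closer look."""
    out = []
    for key, name, _type, data in parse_reg_query(text):
        if AUTORUN_KEY.search(key) and SCRIPT_HOSTS.search(data):
            out.append((key, name, "script host launched from autorun key"))
        if ENCODED_BLOB.search(data):
            out.append((key, name, "large encoded blob stored in value"))
    return out

# Constructed sample: harmless placeholder data, not captured from a real host.
BLOB = "QUJD" * 80
SAMPLE = "\n".join([
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
    r'    OneDrive    REG_SZ    "C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background',
    r"    Updater    REG_SZ    powershell.exe -EncodedCommand " + BLOB,
    "",
    r"HKEY_CURRENT_USER\Software\ExampleVendor",
    r"    Settings    REG_SZ    " + BLOB,
])

if __name__ == "__main__":
    for key, name, reason in findings(SAMPLE):
        print(f"{key}\\{name}: {reason}")
```

A hit is a lead for review rather than a verdict: legitimate software also stores encoded data in the registry and starts script hosts at logon.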

Memory code injection

It hides malicious code in the memory of legitimate applications. While Windows is running, such malware reinjects itself into the running processes.

How to stay protected from Fileless Malware?

We suggest:

  • Continuous monitoring for phishing emails. Be aware of the signs of a phishing email
  • Continuous monitoring of incoming and outgoing network traffic
  • Constant memory analysis
  • Being cautious when downloading and installing new applications
  • Keeping software applications up to date
  • Keeping your browser up to date

Fileless malware can be spotted, but doing so requires a complex approach to the problem. Fileless malware attacks rely only on human vulnerability. This means that user behaviour is the central focus of cyber security.

With fileless malware, attackers have found a way to infect your computer without using files. Book a demo to learn how you can improve the human part of your cyber security.
