Nigel Kersh|October 29, 2018

Fileless malware is a form of cyberattack in which the malicious software that enters your computer system resides only in volatile storage such as RAM. It is distinguished from traditional memory-resident malware, which generally needed to reach your hard disk before hiding itself away in memory. Because it lives solely in a computer's memory and writes no trace to the hard disk, it can remain undetected by standard antivirus programs that rely on scanning files on disk.

Memory-resident viruses have been with us since the 1980s, when Fred Cohen demonstrated the Lehigh virus. However, this type of cyberattack is different from the relatively new form of threat called fileless malware, which resides only in RAM or other temporary storage components and does not write any data to the hard disk. One of the most famous variants of fileless malware was the Stuxnet virus, which was used to infiltrate and significantly damage Iran's nuclear program.

Fortunately, most fileless malware will not survive a system reboot, so if there is any chance that you are infected, this stealth malware can be removed simply by switching off your device. Unfortunately, mobile phones, which are rarely rebooted, present a much larger attack surface.

Kaspersky Lab has identified fileless malware infections on over 140 enterprise networks in over 40 countries. Key target institutions are banks, government organizations, and communication service providers. Fileless malware often uses PowerShell scripts stored in the Windows registry to implant its malicious payload. As PowerShell is present on every single Windows system, the attack surface for hackers using this tool is virtually limitless. Other antivirus companies such as Symantec and Trend Micro have also identified fileless malware attacks as an increasing threat to governments and businesses.
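The registry-resident PowerShell pattern described above is something a defender can check for directly. The script below is an added example, not part of the Allot post: it inspects the standard Run/RunOnce autorun keys for PowerShell launchers that use loader-style switches and decodes any -EncodedCommand payload for analyst review. The key list, the indicator patterns and the sample values are assumptions of this example, and it assumes Windows PowerShell 5.1 or later.

```powershell
# Added example (not from the original post); key list, patterns and samples are assumptions.
# Autorun locations this example inspects (assumed list; extend to your environment).
$AutorunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
# Command-line switches and keywords commonly seen in registry-resident PowerShell stubs.
$SuspiciousPatterns = @(
    '-e(nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{16,}',   # base64-encoded command
    '-nop\b|-noprofile',                            # skip profile scripts
    '-w(indowstyle)?\s+hidden',                     # hide the console window
    '-ep\s+bypass|-executionpolicy\s+bypass',       # ignore execution policy
    'iex\b|invoke-expression',                      # run generated code
    'downloadstring|frombase64string|memorystream'  # fetch or unpack in memory
)
function Test-SuspiciousAutorun {
    param([Parameter(Mandatory)][string]$Command)
    # Only PowerShell launchers are of interest here; -match is case-insensitive.
    if ($Command -notmatch 'powershell(\.exe)?|pwsh(\.exe)?') { return $null }
    $hits = @($SuspiciousPatterns | Where-Object { $Command -match $_ })
    if ($hits.Count -eq 0) { return $null }
    $decoded = $null
    if ($Command -match '-e(nc|ncodedcommand)?\s+([A-Za-z0-9+/=]+)') {
        # -EncodedCommand takes the base64 of a UTF-16LE string.
        try { $decoded = [Text.Encoding]::Unicode.GetString([Convert]::FromBase64String($Matches[2])) } catch {}
    }
    [pscustomobject]@{ Command = $Command; MatchedPatterns = $hits; Decoded = $decoded }
}
function Get-SuspiciousAutoruns {
    foreach ($key in $AutorunKeys) {
        $item = Get-Item -Path $key -ErrorAction SilentlyContinue
        if (-not $item) { continue }
        foreach ($name in $item.GetValueNames()) {
            $result = Test-SuspiciousAutorun -Command ([string]$item.GetValue($name))
            if ($result) { $result | Add-Member -NotePropertyName Location -NotePropertyValue "$key\$name" -PassThru }
        }
    }
}
# Constructed samples: a benign launcher and a loader-style stub carrying a harmless payload.
$benign  = '"C:\Program Files\Example\updater.exe" /background'
$payload = [Convert]::ToBase64String([Text.Encoding]::Unicode.GetBytes('Write-Output "constructed sample"'))
$stub    = "powershell.exe -nop -w hidden -enc $payload"
Test-SuspiciousAutorun -Command $benign
Test-SuspiciousAutorun -Command $stub | Format-List
Get-SuspiciousAutoruns | Format-List   # live check of the keys above (Windows only)
```

Matches on the patterns alone are triage leads, not verdicts; legitimate management tooling also launches PowerShell from autorun keys, so review the decoded command before acting.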

Disclaimer

Allot Communications Ltd. published this content on 29 October 2018 and is solely responsible for the information contained herein. Distributed by Public, unedited and unaltered, on 29 October 2018 10:16:08 UTC