What is Fileless Malware?

Fileless malware is a type of malicious software that utilizes legitimate programs, rather than virus-laden files, to infect a host. These legitimate programs are used to execute malicious code in resident memory. Resident memory means stored in a computer’s random access memory (RAM), and malware loads from system commands. Running from here, you would typically expect it to leave no trace after its execution. This makes fileless malware a difficult threat for organizations to manage.

How Does a Fileless Malware Attack Occur?

To best manage this risk, we need to understand fileless malware better. Now that we have a general idea of what it is, let’s look at how these attacks happen. As with most cyber attacks, cybercriminals will typically attempt to deceive a user into clicking on a link or downloading an attachment that then creates access to their system. This malware takes a stealth approach to attack your system and completely avoids the hard drive, instead operating in the memory. Once here, these types of fileless attacks work by abusing the trust model used by security applications, which do not monitor whitelisted programs such as Windows executables.

According to WatchGuard analysis, Fileless malware increased a daunting 888% from 2109 to 2020, a trend that experts are suspecting will continue.