What Is Fileless Malware And How Does It Work?

The simplest description of fileless malware: a type of malicious software that uses legitimate programs to infect a computer system. It does not depend on files to corrupt a device and leaves no trace for detection. Hence, it is believed to be more threatening than other forms of malware. Let’s take a closer look at how it works, as well as at some protective measures against fileless malware.

Fileless malware emerged in 2017 and is considered one of the biggest digital infiltration threats that companies face today, according to Symantec’s 2019 Internet Security Threat Report.

Examples of fileless malware include The Dark Avenger, Frodo, Number of the Beast, Operation Cobalt Kitty, etc.

The hacking of the Democratic National Committee and the Equifax breach are recent high-profile fileless malware attacks.

Types of fileless malware attacks are:

  • Windows registry manipulation
  • Memory code injection
  • Script-based techniques
  • SamSam ransomware

How does it work?

Fileless malware sneaks onto a system, activates its tools, and then hides there. It mostly depends on legitimate scripts for execution, and its code is written directly to RAM. Fileless malware is therefore memory-based rather than file-based, which makes it harder for an antivirus solution to detect and remove.

These malicious programs insidiously use your system resources, applications, and protocols to conduct malicious activities. Typical ways in which they gain entry into your system and applications are:

  • Through phishing emails, downloads, or links that appear to be legitimate.
  • Through JavaScript or apps like MS Office.
  • Even through native tools like Windows Management Instrumentation (WMI) and Microsoft PowerShell.
  • Through lateral infiltration.
  • Through legitimate-looking websites that in fact carry a malicious payload.

Protective measures against fileless malware:

Fileless attacks largely target user and system behavior, so safe web-browsing practices play a key role in avoiding them.

  • You need to keep your browser and apps up-to-date.
  • Beware of phishing emails.
  • Keep the OS updated.
  • Download apps from trusted sources.

Because no updated virus definition is available, traditional antivirus solutions are not very effective against fileless malware; however, the following solutions can help:

  • Endpoint detection and response (EDR) solutions can be the immediate saviours.
  • Use a whitelisting solution to block unauthorized apps and codes from running on servers or desktops.
  • Use a top-notch cybersecurity solution with deep learning and AI capabilities.
  • Behavior analysis and memory analysis play a key role in detection.
  • A firewall is indispensable.
  • Ultimately, an endpoint security solution capable of URL filtering and memory protection offers a good chance against these attacks.
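
The behavior analysis named in the list above can be illustrated with a small detector, added here as an example and not taken from the original article or any product: it scores process-creation records in which an Office application or the WMI provider host starts a script interpreter. The record fields, weights, threshold and sample events are assumptions constructed for the illustration.

```python
import re
from pathlib import PureWindowsPath

# Interpreters that run script content without it ever being saved as a file.
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
# Parents with no routine reason to launch one (Office apps, the WMI provider host).
UNUSUAL_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe", "wmiprvse.exe"}
HIDDEN_WINDOW = re.compile(r"-w\w*\s+hidden", re.I)
INLINE_EVAL = re.compile(r"\biex\b|invoke-expression|frombase64string", re.I)
ALERT_THRESHOLD = 4  # assumed cut-off for this example

def has_encoded_command(cmdline):
    # PowerShell accepts any prefix of -EncodedCommand (-e, -enc, ...) and the alias -ec.
    for tok in cmdline.split():
        name = tok[1:].lower()
        if tok.startswith("-") and name and ("encodedcommand".startswith(name) or name == "ec"):
            return True
    return False

def score_event(event):
    """Return (score, reasons) for one process-creation record."""
    image = PureWindowsPath(event["image"]).name.lower()
    parent = PureWindowsPath(event["parent"]).name.lower()
    if image not in SCRIPT_HOSTS:
        return 0, []
    score, reasons = 0, []
    if parent in UNUSUAL_PARENTS:
        score, reasons = 3, [f"{parent} started {image}"]
    for label, weight, hit in (
        ("encoded command", 3, has_encoded_command(event["cmdline"])),
        ("hidden window", 2, bool(HIDDEN_WINDOW.search(event["cmdline"]))),
        ("inline evaluation", 2, bool(INLINE_EVAL.search(event["cmdline"]))),
    ):
        if hit:
            score += weight
            reasons.append(label)
    return score, reasons

def alerts(events):
    scored = [(e["cmdline"], *score_event(e)) for e in events]
    return [s for s in scored if s[1] >= ALERT_THRESHOLD]

# Constructed sample records (not from a real incident); the base64 is a placeholder.
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [
    {"parent": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE", "image": PS,
     "cmdline": "powershell.exe -NoProfile -WindowStyle Hidden -enc QQBCAEMA"},
    {"parent": r"C:\Windows\explorer.exe", "image": PS,
     "cmdline": r"powershell.exe -ExecutionPolicy Bypass -File C:\Scripts\backup.ps1"},
    {"parent": r"C:\Windows\System32\wbem\WmiPrvSE.exe", "image": PS,
     "cmdline": "powershell.exe -NonInteractive -e QQBCAEMA"},
    {"parent": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "image": r"C:\Windows\splwow64.exe", "cmdline": "splwow64.exe 8192"},
]
```

Calling `alerts(SAMPLE_EVENTS)` returns the Word and WMI launches with their reasons, while the administrator's `-ExecutionPolicy` script and Word's print helper stay below the threshold.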

Lastly, it is essential to integrate and use more than one kind of security solution to detect and remove fileless malware from the system.

Adrian
