Without a Trace: Fileless Malware Spotted in the Wild | Security Intelligence Blog | Trend Micro
With additional analysis from David Agni
Improvements in security file scanners are causing malware authors to
deviate from the traditional malware installation routine. It’s no
longer enough for malware to rely on dropping copies of themselves to a
location specified in the malware code and using persistence tactics
like setting up an autostart feature to ensure that they continue to
run. Security file scanners can easily block and detect these threats.
One tactic we have spotted is the use of fileless malware. Unlike most
malware, fileless malware hides itself in locations that are difficult
to scan or detect. Fileless malware exists only in memory: it is written
directly to RAM instead of being installed on the target computer's hard
drive.
POWELIKS is an example of fileless malware that hides its malicious
code in the Windows Registry. It uses a conventional malware file to
add the registry entries that contain its malicious code.
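Because the payload lives in registry values rather than in a file, a file scanner never sees it; a defender has to look at the autostart entries themselves. The script below is an added example, not code from Trend Micro or from the post, that parses a text export of the Run key (the format produced by `reg export`) and flags values that carry inline script or an encoded command instead of a plain path to an executable. The export in `SAMPLE_REG` is constructed for the example; the value names, the `-enc` blob (which encodes a harmless `Write-Host` in UTF-16LE) and the heuristics in `SCRIPT_MARKERS` are assumptions of this example, not indicators taken from the post.

```python
"""Scan an exported autostart registry key for values that embed script
code or encoded commands rather than pointing at an executable on disk."""
import re
from typing import Dict, Iterator, List, Tuple

# Constructed sample export (assumption for this example, not from any real host).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\alice\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
"Sync"=hex(2):25,00,77,00,69,00,6e,00,64,00,69,00,72,00,25,00,5c,00,6e,00,\
  6f,00,74,00,65,00,70,00,61,00,64,00,2e,00,65,00,78,00,65,00,00,00
"Updater"="mshta.exe javascript:alert('constructed sample');close();"
"Helper"="powershell.exe -w hidden -enc VwByAGkAdABlAC0ASABvAHMAdAAgAGgAaQA="
'''

# Heuristic indicators that a Run value carries code instead of a file path
# (example thresholds; tune them for your environment).
SCRIPT_MARKERS = ("javascript:", "vbscript:", "-encodedcommand", "-enc ",
                  "-command ", "invoke-expression")
BASE64_RUN = re.compile(r"[A-Za-z0-9+/]{32,}={0,2}")
MAX_SANE_LENGTH = 512
RUN_KEY = re.compile(r"\\currentversion\\run(once)?$", re.I)
VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)=(.*)$')


def _logical_lines(text: str) -> Iterator[str]:
    """Join the ',\\' continuation lines that reg export uses for hex data."""
    buf = ""
    for line in text.splitlines():
        piece = line.strip()
        if piece.endswith("\\"):
            buf += piece[:-1]
            continue
        yield buf + piece
        buf = ""
    if buf:
        yield buf


def _decode_data(raw: str) -> str:
    """Turn the exported value data into a plain string for inspection."""
    if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
        return re.sub(r"\\(.)", r"\1", raw[1:-1])      # unescape \\ and \"
    m = re.match(r"hex(\((\d+)\))?:(.*)$", raw)
    if m:
        blob = bytes(int(h, 16) for h in m.group(3).split(",") if h.strip())
        if m.group(2) in ("2", "7"):                     # REG_EXPAND_SZ / REG_MULTI_SZ
            return blob.decode("utf-16-le", errors="replace").rstrip("\x00")
        return blob.hex()                                # REG_BINARY: keep as hex text
    return raw                                           # dword:... etc. kept verbatim


def parse_reg_export(text: str) -> Dict[str, Dict[str, str]]:
    """Map each key path to its {value name: decoded data}."""
    hive: Dict[str, Dict[str, str]] = {}
    current = None
    for line in _logical_lines(text):
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            hive.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name = m.group(1) if m.group(1) is not None else "(Default)"
            hive[current][name] = _decode_data(m.group(2))
    return hive


def suspicious_reasons(data: str) -> List[str]:
    """Why a single autostart value looks like embedded code; empty if it looks benign."""
    low = data.lower()
    reasons = []
    hits = [marker for marker in SCRIPT_MARKERS if marker in low]
    if hits:
        reasons.append("inline script or encoded command: " + ", ".join(hits))
    if BASE64_RUN.search(data):
        reasons.append("long base64-looking blob")
    if len(data) > MAX_SANE_LENGTH:
        reasons.append(f"oversized value ({len(data)} chars)")
    return reasons


def scan_autostart(text: str) -> List[Tuple[str, str, List[str]]]:
    """Return (key, value name, reasons) for every flagged Run/RunOnce value."""
    findings = []
    for key, values in parse_reg_export(text).items():
        if not RUN_KEY.search(key):
            continue
        for name, data in values.items():
            reasons = suspicious_reasons(data)
            if reasons:
                findings.append((key, name, reasons))
    return findings


if __name__ == "__main__":
    for key, name, reasons in scan_autostart(SAMPLE_REG):
        print(f"[{key}] {name!r}: {'; '.join(reasons)}")
```

Run it against a real export (`reg export HKCU\Software\Microsoft\Windows\CurrentVersion\Run run.reg` on the host, then pass the file's contents to `scan_autostart`) and review every flagged value by hand; an entry that hands a script host inline code, rather than a path on disk, is the pattern this post describes and deserves a closer look at what wrote it.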