Fileless malware – where the necessary files for an infection are not installed on the system – is becoming increasingly popular. In the first half of this year, the number of infections with this malware increased by no less than 265 percent compared to the same period in 2018.
Security company Trend Micro says in a report that it detected 710,733 fileless malware infections in the first six months of this year. In the first half of 2018, the company detected only 194,840 infections with fileless malware.
Throughout 2018, 603,892 attacks with fileless malware were detected. The first half of this year alone therefore shows an increase of 18 percent compared to the whole of 2018.
Difficult to detect
Fileless malware is of interest to cybercriminals because it is less likely to be detected by virus scanners and security software. The malware is executed from working memory. To do so, it uses familiar programs such as PowerShell or Windows Management Instrumentation. The malware can also reside in the registry.
However, fileless malware often disappears after a computer is restarted, precisely because it lives only in working memory. This is in contrast to malware that does place files on the system; such malware can survive a restart.
Fileless malware was used in ransomware, banking trojans and mining malware. All those threats abused PowerShell.
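As an added example (not from the Trend Micro report or the original article), the sketch below shows how a defender might triage process-creation records for the PowerShell, WMI and registry behaviour described above. The event fields, sample records and indicator names are constructed assumptions.

```python
import base64
import binascii
import re

# -EncodedCommand and its abbreviations (-e, -ec, -enc, ...) followed by base64.
ENC_FLAG = re.compile(r"(?i)\s-(?:ec?|en[a-z]*)\s+([A-Za-z0-9+/=]{16,})")
# Patterns checked in the plain and decoded script text (names are illustrative).
INDICATORS = {
    "dynamic-eval": re.compile(r"(?i)\b(?:iex|invoke-expression)\b"),
    "base64-decode": re.compile(r"(?i)frombase64string"),
    "registry-read": re.compile(r"(?i)\b(?:hkcu|hklm):\\"),
}

def decode_encoded_command(cmdline):
    """Return the script hidden in an encoded-command argument, or None."""
    m = ENC_FLAG.search(cmdline)
    if not m:
        return None
    try:  # PowerShell expects base64 over UTF-16LE text
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (binascii.Error, UnicodeDecodeError):
        return None

def triage(event):
    """List the findings for one process-creation record (dict with
    'image', 'parent' and 'cmdline' keys; a hypothetical log schema)."""
    if not event["image"].lower().endswith(("powershell.exe", "pwsh.exe")):
        return []
    findings, script = [], event["cmdline"]
    decoded = decode_encoded_command(script)
    if decoded is not None:
        findings.append("encoded-command")
        script += "\n" + decoded  # inspect the hidden script as well
    if event["parent"].lower().endswith("wmiprvse.exe"):
        findings.append("spawned-by-wmi")  # started through the WMI provider host
    findings += [name for name, rx in INDICATORS.items() if rx.search(script)]
    return findings

def _enc(script):  # helper that builds the constructed encoded argument
    return base64.b64encode(script.encode("utf-16-le")).decode()

PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [  # constructed records, not real telemetry
    {"image": PS, "parent": r"C:\Windows\System32\wbem\WmiPrvSE.exe",
     "cmdline": "powershell.exe -NoProfile -enc " + _enc("IEX 'Write-Output constructed-sample'")},
    {"image": PS, "parent": r"C:\Windows\explorer.exe",
     "cmdline": r"powershell.exe -Command IEX (Get-ItemProperty HKCU:\Software\Constructed).Value"},
    {"image": PS, "parent": r"C:\Windows\explorer.exe",
     "cmdline": r"powershell.exe -File C:\Scripts\backup.ps1"},
]
```

Because nothing is written to disk for a file scanner to inspect, records like these (process creation with command line and parent process) are where the activity becomes visible.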
Fileless malware is not the only threat gaining popularity. According to the Trend Micro report, ransomware is also re-emerging. In the first six months of this year, the company detected more than 46 million ransomware attacks, compared to 26 million in the second half of 2018.
Trend Micro focuses on company systems that become infected through infected e-mails.
In total, more than 26 billion threats were blocked in the first half of 2019. The vast majority consisted of e-mail threats.