2017-06-08

A bank in Poland previously discovered unknown malware running on several of its computers, exposing a wave of attacks that affected organizations from at least 31 countries.

What’s unique about this attack is the use of a sophisticated piece of malicious software that managed to reside purely in the memory of a compromised machine, without leaving a trace on the machine’s file system. Fileless malware allows attackers to evade detection by most endpoint security solutions, which are based on static file analysis (antivirus products).

Fileless malware is not a new phenomenon. Over the past few years, fileless malware has been observed to evolve.

Initially, malware developers focused on disguising the malware’s network operations, whether communication with command and control servers or data exfiltration. This was accomplished by mimicking the traffic of various messenger applications and by spoofing HTTP headers to evade network security solutions (firewalls and IDS).

Lateral movement as non-malware

The latest advancement in fileless malware shows that the developers’ focus has shifted from disguising network operations to avoiding detection during lateral movement inside the victim’s infrastructure.

