{"id":1592,"date":"2017-03-22T05:05:32","date_gmt":"2017-03-22T05:05:32","guid":{"rendered":"https:\/\/antivirus.comodo.com\/blog\/?p=1592"},"modified":"2025-04-03T16:20:10","modified_gmt":"2025-04-03T10:50:10","slug":"increasing-fileless-malware-attacks","status":"publish","type":"post","link":"https:\/\/antivirus.comodo.com\/blog\/computer-safety\/increasing-fileless-malware-attacks\/","title":{"rendered":"Increasing Fileless Malware Attacks"},"content":{"rendered":"<p>Nowadays, cybercriminals seem to prefer Fileless Malware Attacks on organizations. Most malware attacks can be detected, blocked and removed using <a href=\"https:\/\/antivirus.comodo.com\/free-antivirus.php?track=8218\" target=\"_blank\" rel=\"noopener\">malware removal tools<\/a> or applications. However, Fileless Malware Attacks are non-malware attacks that utilize legitimate existing programs and applications and are hence able to bypass most <a href=\"https:\/\/enterprise.comodo.com\/security-solutions\/endpoint-protection\/\" target=\"_blank\" rel=\"noopener\">endpoint protection<\/a> systems. Further, the malware resides only in the computer&#8217;s memory, which makes it even more difficult to detect.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-3073\" src=\"https:\/\/antivirus.comodo.com\/blog\/wp-content\/uploads\/2017\/03\/fileless-malware.jpg\" alt=\"fileless malware attack\" width=\"650\" height=\"300\" srcset=\"https:\/\/antivirus.comodo.com\/blog\/wp-content\/uploads\/2017\/03\/fileless-malware.jpg 650w, https:\/\/antivirus.comodo.com\/blog\/wp-content\/uploads\/2017\/03\/fileless-malware-300x138.jpg 300w, https:\/\/antivirus.comodo.com\/blog\/wp-content\/uploads\/2017\/03\/fileless-malware-225x104.jpg 225w\" sizes=\"auto, (max-width: 650px) 100vw, 650px\" \/><\/p>\n<p>&nbsp;<\/p>\n<p><strong>How a fileless malware attack takes place<\/strong><\/p>\n<p>When a user visits a website, Flash software gets loaded. 
Flash then activates PowerShell \u2013 a legitimate Windows tool. Malicious commands loaded into memory then connect to a command and control (C&amp;C) server and download a PowerShell script. This script stealthily steals sensitive information such as the passwords of users with administrative privileges. PowerShell scripts are used as a malicious service in this case. The Windows NETSH utility is then used for building tunnels and to obtain passwords. The stolen data is then sent to the C&amp;C server.<\/p>\n<p>The malicious script allows the attackers to gain control of the computer\/device. They are able to control web browsers and other applications \u2013 which allows them to access and steal data across the network. However, when the computer is shut down and restarted, the malicious code residing in the memory of the computer disappears. This makes it very difficult to investigate how the attack took place. In many cases, IT security staff do not suspect an attack or know where to look when these attacks take place.<\/p>\n<p><strong>The Targets<\/strong><\/p>\n<p>The fileless malware has been used to target more than 100 financial entities (banks), <a href=\"https:\/\/www.comodo.com\/landing\/telecommunication-security\/\" target=\"_blank\" rel=\"noopener\">telecommunication companies<\/a> and <a href=\"https:\/\/www.comodo.com\/landing\/secure-government-institutions\/\" target=\"_blank\" rel=\"noopener\">government organizations<\/a> across the globe. The cybercriminals transferred money from the banks&#8217; accounts and moved data using legitimate tools, which made it very difficult to detect. The malware used in these latest attacks was discovered in the physical memory of the domain controller of a bank. These attacks were used to take money out of ATMs and bank accounts. 
The U.S., the U.K., France, Kenya, and Ecuador were the countries that suffered most of the attacks.<\/p>\n<p><strong>How to prevent fileless malware attacks<\/strong><\/p>\n<p><strong>1. Patch Management<\/strong><\/p>\n<p>Keep your operating systems and other applications regularly updated with the latest patches. Using a <a href=\"https:\/\/www.itarian.com\/patch-management.php\" target=\"_blank\" rel=\"noopener\">patch management<\/a> tool would be a better option.<\/p>\n<p><strong>2. White-listed Applications<\/strong><\/p>\n<p>Allow users to use only white-listed applications on their endpoints, especially in the case of BYOD.<\/p>\n<p><strong>3. Endpoint Security<\/strong><\/p>\n<p>Install a robust endpoint security solution that is capable of monitoring all file activity for unusual behavior \u2013 in real time. This is very important, as some <a href=\"https:\/\/antivirus.comodo.com\/blog\/comodo-news\/malware-exploiting-toast-overlay-attack-discovered\/\" target=\"_blank\" rel=\"noopener\">malware<\/a> looks harmless when it is inactive, but its behavior shows its true intentions when it is active.<\/p>\n<p><strong>4. Privileged Access<\/strong><\/p>\n<p>Restrict user access to applications on a &#8220;need&#8221; basis. 
Access to administrative tools must be restricted.<\/p>\n<p>An effective <a href=\"https:\/\/www.comodo.com\/endpoint-protection\/endpoint-security.php\" target=\"_blank\" rel=\"noopener\">endpoint security<\/a> solution with default-deny protection and real-time <a href=\"https:\/\/valkyrie.comodo.com\/\" rel=\"noopener\" target=\"_blank\">behavioral analysis<\/a> would be the most potent <a href=\"https:\/\/cwatch.comodo.com\/website-malware-prevention.php\" target=\"_blank\" rel=\"noopener\">protection against malware attacks<\/a>.<\/p>\n<p><strong>Related Resources:<\/strong><\/p>\n<p><strong><a 
href=\"https:\/\/antivirus.comodo.com\/blog\/computer-safety\/five-best-virus-and-malware-removal-tools\/\" target=\"blank\">https:\/\/antivirus.comodo.com\/blog\/computer-safety\/five-best-virus-and-malware-removal-tools\/<\/a><\/strong><\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Nowadays, cybercriminals seem to prefer Fileless Malware Attacks on organizations. Most malware attacks can be detected, blocked and removed using malware removal tools or applications. However, Fileless Malware Attacks are non-malware attacks that utilize legitimate existing programs and applications and are hence able to bypass most endpoint protection systems. Further, the malware resides only in [&hellip;]<\/p>\n","protected":false},"author":5,"featured_media":1694,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[9,13,90],"class_list":["post-1592","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-computer-safety","tag-antivirus","tag-malware-removal","tag-virus-protection"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Increasing Fileless Malware Attacks - Comodo Antivirus Blogs | Anti-Virus Software Updates<\/title>\n<meta name=\"description\" content=\"Fileless Malware are a kind of attacks that utilize legitimate existing programs and applications and can bypass most endpoint protection. 
Stay safe now!\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/antivirus.comodo.com\/blog\/computer-safety\/increasing-fileless-malware-attacks\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Increasing Fileless Malware Attacks - Comodo Antivirus Blogs | Anti-Virus Software Updates\" \/>\n<meta property=\"og:description\" content=\"Fileless Malware are a kind of attacks that utilize legitimate existing programs and applications and can bypass most endpoint protection. Stay safe now!\" \/>\n<meta property=\"og:url\" content=\"https:\/\/antivirus.comodo.com\/blog\/computer-safety\/increasing-fileless-malware-attacks\/\" \/>\n<meta property=\"og:site_name\" content=\"Comodo Antivirus Blogs | Anti-Virus Software Updates\" \/>\n<meta property=\"article:published_time\" content=\"2017-03-22T05:05:32+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-04-03T10:50:10+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/antivirus.comodo.com\/blog\/wp-content\/uploads\/2017\/03\/RF-10639_thb_6-1.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"225\" \/>\n\t<meta property=\"og:image:height\" content=\"170\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"seo\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"seo\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/antivirus.comodo.com\/blog\/computer-safety\/increasing-fileless-malware-attacks\/\",\"url\":\"https:\/\/antivirus.comodo.com\/blog\/computer-safety\/increasing-fileless-malware-attacks\/\",\"name\":\"Increasing Fileless Malware Attacks - Comodo Antivirus Blogs | Anti-Virus Software Updates\",\"isPartOf\":{\"@id\":\"https:\/\/antivirus.comodo.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/antivirus.comodo.com\/blog\/computer-safety\/increasing-fileless-malware-attacks\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/antivirus.comodo.com\/blog\/computer-safety\/increasing-fileless-malware-attacks\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/antivirus.comodo.com\/blog\/wp-content\/uploads\/2017\/03\/RF-10639_thb_6-1.jpg\",\"datePublished\":\"2017-03-22T05:05:32+00:00\",\"dateModified\":\"2025-04-03T10:50:10+00:00\",\"author\":{\"@id\":\"https:\/\/antivirus.comodo.com\/blog\/#\/schema\/person\/e534eccce9a7e6ced088443c73329462\"},\"description\":\"Fileless Malware are a kind of attacks that utilize legitimate existing programs and applications and can bypass most endpoint protection. 
Stay safe now!\",\"breadcrumb\":{\"@id\":\"https:\/\/antivirus.comodo.com\/blog\/computer-safety\/increasing-fileless-malware-attacks\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/antivirus.comodo.com\/blog\/computer-safety\/increasing-fileless-malware-attacks\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/antivirus.comodo.com\/blog\/computer-safety\/increasing-fileless-malware-attacks\/#primaryimage\",\"url\":\"https:\/\/antivirus.comodo.com\/blog\/wp-content\/uploads\/2017\/03\/RF-10639_thb_6-1.jpg\",\"contentUrl\":\"https:\/\/antivirus.comodo.com\/blog\/wp-content\/uploads\/2017\/03\/RF-10639_thb_6-1.jpg\",\"width\":225,\"height\":170},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/antivirus.comodo.com\/blog\/computer-safety\/increasing-fileless-malware-attacks\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/antivirus.comodo.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Increasing Fileless Malware Attacks\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/antivirus.comodo.com\/blog\/#website\",\"url\":\"https:\/\/antivirus.comodo.com\/blog\/\",\"name\":\"Comodo Antivirus Blogs | Anti-Virus Software 
Updates\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/antivirus.comodo.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/antivirus.comodo.com\/blog\/#\/schema\/person\/e534eccce9a7e6ced088443c73329462\",\"name\":\"seo\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/antivirus.comodo.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/3b7714e98dafc3a3b391832c0f5e2b406856b62c8e81ad94382c197cdb380790?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/3b7714e98dafc3a3b391832c0f5e2b406856b62c8e81ad94382c197cdb380790?s=96&d=mm&r=g\",\"caption\":\"seo\"},\"url\":\"https:\/\/antivirus.comodo.com\/blog\/author\/seo\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Increasing Fileless Malware Attacks - Comodo Antivirus Blogs | Anti-Virus Software Updates","description":"Fileless Malware are a kind of attacks that utilize legitimate existing programs and applications and can bypass most endpoint protection. Stay safe now!","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/antivirus.comodo.com\/blog\/computer-safety\/increasing-fileless-malware-attacks\/","og_locale":"en_US","og_type":"article","og_title":"Increasing Fileless Malware Attacks - Comodo Antivirus Blogs | Anti-Virus Software Updates","og_description":"Fileless Malware are a kind of attacks that utilize legitimate existing programs and applications and can bypass most endpoint protection. 
Stay safe now!","og_url":"https:\/\/antivirus.comodo.com\/blog\/computer-safety\/increasing-fileless-malware-attacks\/","og_site_name":"Comodo Antivirus Blogs | Anti-Virus Software Updates","article_published_time":"2017-03-22T05:05:32+00:00","article_modified_time":"2025-04-03T10:50:10+00:00","og_image":[{"width":225,"height":170,"url":"https:\/\/antivirus.comodo.com\/blog\/wp-content\/uploads\/2017\/03\/RF-10639_thb_6-1.jpg","type":"image\/jpeg"}],"author":"seo","twitter_card":"summary_large_image","twitter_misc":{"Written by":"seo","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/antivirus.comodo.com\/blog\/computer-safety\/increasing-fileless-malware-attacks\/","url":"https:\/\/antivirus.comodo.com\/blog\/computer-safety\/increasing-fileless-malware-attacks\/","name":"Increasing Fileless Malware Attacks - Comodo Antivirus Blogs | Anti-Virus Software Updates","isPartOf":{"@id":"https:\/\/antivirus.comodo.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/antivirus.comodo.com\/blog\/computer-safety\/increasing-fileless-malware-attacks\/#primaryimage"},"image":{"@id":"https:\/\/antivirus.comodo.com\/blog\/computer-safety\/increasing-fileless-malware-attacks\/#primaryimage"},"thumbnailUrl":"https:\/\/antivirus.comodo.com\/blog\/wp-content\/uploads\/2017\/03\/RF-10639_thb_6-1.jpg","datePublished":"2017-03-22T05:05:32+00:00","dateModified":"2025-04-03T10:50:10+00:00","author":{"@id":"https:\/\/antivirus.comodo.com\/blog\/#\/schema\/person\/e534eccce9a7e6ced088443c73329462"},"description":"Fileless Malware are a kind of attacks that utilize legitimate existing programs and applications and can bypass most endpoint protection. 
Stay safe now!","breadcrumb":{"@id":"https:\/\/antivirus.comodo.com\/blog\/computer-safety\/increasing-fileless-malware-attacks\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/antivirus.comodo.com\/blog\/computer-safety\/increasing-fileless-malware-attacks\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/antivirus.comodo.com\/blog\/computer-safety\/increasing-fileless-malware-attacks\/#primaryimage","url":"https:\/\/antivirus.comodo.com\/blog\/wp-content\/uploads\/2017\/03\/RF-10639_thb_6-1.jpg","contentUrl":"https:\/\/antivirus.comodo.com\/blog\/wp-content\/uploads\/2017\/03\/RF-10639_thb_6-1.jpg","width":225,"height":170},{"@type":"BreadcrumbList","@id":"https:\/\/antivirus.comodo.com\/blog\/computer-safety\/increasing-fileless-malware-attacks\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/antivirus.comodo.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Increasing Fileless Malware Attacks"}]},{"@type":"WebSite","@id":"https:\/\/antivirus.comodo.com\/blog\/#website","url":"https:\/\/antivirus.comodo.com\/blog\/","name":"Comodo Antivirus Blogs | Anti-Virus Software 
Updates","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/antivirus.comodo.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/antivirus.comodo.com\/blog\/#\/schema\/person\/e534eccce9a7e6ced088443c73329462","name":"seo","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/antivirus.comodo.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/3b7714e98dafc3a3b391832c0f5e2b406856b62c8e81ad94382c197cdb380790?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/3b7714e98dafc3a3b391832c0f5e2b406856b62c8e81ad94382c197cdb380790?s=96&d=mm&r=g","caption":"seo"},"url":"https:\/\/antivirus.comodo.com\/blog\/author\/seo\/"}]}},"post_mailing_queue_ids":[],"_links":{"self":[{"href":"https:\/\/antivirus.comodo.com\/blog\/wp-json\/wp\/v2\/posts\/1592","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/antivirus.comodo.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/antivirus.comodo.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/antivirus.comodo.com\/blog\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/antivirus.comodo.com\/blog\/wp-json\/wp\/v2\/comments?post=1592"}],"version-history":[{"count":26,"href":"https:\/\/antivirus.comodo.com\/blog\/wp-json\/wp\/v2\/posts\/1592\/revisions"}],"predecessor-version":[{"id":21191,"href":"https:\/\/antivirus.comodo.com\/blog\/wp-json\/wp\/v2\/posts\/1592\/revisions\/21191"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/antivirus.comodo.com\/blog\/wp-json\/wp\/v2\/media\/1694"}],"wp:attachment":[{"href":"https:\/\/antivirus.comodo.com\/blog\/wp-json\/wp\/v2\/media?parent=1592"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/antiv
irus.comodo.com\/blog\/wp-json\/wp\/v2\/categories?post=1592"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/antivirus.comodo.com\/blog\/wp-json\/wp\/v2\/tags?post=1592"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}