Malware increasingly going fileless to avoid detection

Posted on Thursday, June 15 2017 @ 13:12 CEST by Thomas De Maesschalck
Security researchers have noticed that an increasing number of malware attacks are adopting a technique previously used almost exclusively by state-sponsored hackers to spy on high-value targets. By residing almost entirely in computer memory and going "fileless", this new generation of financially motivated attacks avoids detection by virtually all antivirus products on the market.

Hacking group FIN7 is reportedly using the technique to infect Windows computers at US restaurants. This specific attack arrives via a booby-trapped Word document attached to a phishing e-mail. Once the victim opens the file, the user is tricked into exiting Protected View, and the malware uses clever methods to avoid detection by behavior-based solutions. The final payload resides only in the computer's memory, and none of the 56 most widely used anti-virus programs managed to detect the attack.
To be sure, the attack isn't entirely fileless, since it arrives in a booby-trapped Word document attached to a phishing e-mail. The e-mails are tailored to the person receiving them and contain attachments with names including menu.rtf, Olive Garden.rtf and Chick Fil A Order.rtf. Unlike most other Word-based attacks, however, once the document triggers an infection, the final payload resides only in memory.
Full details at Ars Technica.


About the Author

Thomas De Maesschalck

Thomas has been messing with computers since early childhood and firmly believes the Internet is the best thing since sliced bread. He enjoys playing with new tech, is fascinated by science, and is passionate about financial markets. When not behind a computer, he can be found with running shoes on or lifting heavy weights in the weight room.


