Cyber security experts have noticed a spike in fileless malware attacks, which take advantage of the trust factor between security software and genuine, signed Windows applications. As these malware attacks leave no footprints in the computer system, it is difficult to notice their presence.

“Because this type of attack is launched through reputable, trusted executables, it is hard to detect,” says internet security solutions firm McAfee Labs.

The firm says the rapid rise of such attacks is a cause for concern. Unlike traditional attacks, in which hackers sneak into systems by launching malware applications, fileless malware attacks do not install any software on a user’s computer.

‘Extremely hard to detect’

“This makes a successful attack extremely hard to detect. Both consumers and corporate users can fall victim. In corporate environments, attackers use this vector to move laterally through the network,” McAfee points out.

Cyber security expert Debasish Mandal says CactusTorch is an example of a ‘fileless’ threat. It adopts the DotNetToJScript technique, which loads and executes malicious applications straight from memory.

“These assemblies are the smallest unit of deployment of an application, such as a .dll or .exe. The malware does not write any part of the malicious .NET assembly on a computer’s hard drive,” he says.

This makes traditional file scanners ineffective in detecting the intrusions. “We have seen a rapid growth in the use of CactusTorch this year. This can execute custom shellcode on Windows systems,” he says.
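
Because nothing is written to disk, defenders have to watch process behaviour rather than files. The sketch below is an added example, not part of the original article or of McAfee's research: it flags Windows script hosts that load the .NET runtime, which a DotNetToJScript-style script has to do in order to run an assembly from memory. The event records are constructed and modelled on Sysmon image-load events (Event ID 7); the script-host and module lists are assumptions.

```python
import ntpath

# Assumption: script hosts that commonly run JScript/VBScript on Windows.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe"}
# Core .NET runtime libraries; a script host rarely has a routine reason to load them.
CLR_MODULES = {"mscoree.dll", "clr.dll", "clrjit.dll", "mscorlib.ni.dll"}

# Constructed sample events, shaped like Sysmon Event ID 7 (image loaded).
SAMPLE_EVENTS = [
    {"EventID": 7, "ProcessId": 4312, "Image": r"C:\Windows\System32\wscript.exe",
     "ImageLoaded": r"C:\Windows\System32\jscript.dll"},
    {"EventID": 7, "ProcessId": 4312, "Image": r"C:\Windows\System32\wscript.exe",
     "ImageLoaded": r"C:\Windows\System32\MSCOREE.DLL"},
    {"EventID": 7, "ProcessId": 4312, "Image": r"C:\Windows\System32\wscript.exe",
     "ImageLoaded": r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll"},
    # PowerShell is built on .NET, so the runtime loading here is expected.
    {"EventID": 7, "ProcessId": 5120,
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ImageLoaded": r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll"},
    # A script host that only loads its own script engine.
    {"EventID": 7, "ProcessId": 6200, "Image": r"C:\Windows\System32\cscript.exe",
     "ImageLoaded": r"C:\Windows\System32\vbscript.dll"},
]


def base(path):
    """Lower-cased file name of a Windows path (Windows paths are case-insensitive)."""
    return ntpath.basename(path).lower()


def find_clr_in_script_hosts(events):
    """Return one finding per script-host process that loaded .NET runtime modules."""
    hits = {}
    for ev in events:
        if ev.get("EventID") != 7:
            continue  # only image-load events are relevant here
        host = base(ev.get("Image", ""))
        module = base(ev.get("ImageLoaded", ""))
        if host in SCRIPT_HOSTS and module in CLR_MODULES:
            hits.setdefault((host, ev.get("ProcessId")), set()).add(module)
    return [{"host": h, "pid": p, "clr_modules": sorted(m)}
            for (h, p), m in hits.items()]


if __name__ == "__main__":
    for finding in find_clr_in_script_hosts(SAMPLE_EVENTS):
        print(finding)
```

Some legitimate administrative scripts also reach .NET classes through COM, so findings from a rule like this need to be baselined against what is normal in the environment.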