Fileless malware runs entirely from memory to make detection harder


Traditional malware infections usually require a file object to be placed on the system, which makes them relatively easy to detect and remove.

Now, though, there's a stealthier threat, uncovered by security company Malwarebytes. Poweliks is an infection that runs without a filesystem object, completely from the registry and memory, using rundll32.exe, JavaScript and a DLL created on the fly.

Code can be injected into the machine via a fake landing page, which makes traditional security solutions like whitelisting ineffective in combating it.

It doesn't place a physical file on the system; instead, Poweliks injects code into processes that are currently running, like Internet Explorer. This allows it to run on the back of the legitimate process and thus avoid detection.

Security researcher Jerome Segura says, "There are many advantages of doing that. For starters, by never dropping anything onto the hard-drive, you reduce your payload's footprint on a system and chances for it to get detected. It is typically much easier to detect a piece of malware on disk than one hiding in memory".

To ensure that it can survive a system restart, it places code in hidden registry keys, allowing it to execute and infect the legitimate process again after a reboot.
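The registry persistence described above leaves something a defender can look for even when no file is on disk. The following triage sketch is an added example, not code from Malwarebytes or the article: it assumes autorun values have already been exported as (name, command) pairs, and it assumes "hidden" means value names containing characters a registry editor cannot display. All sample entries are constructed.

```python
import re

# Constructed sample of autorun entries (value name, command data), as they
# might look after exporting a Run key. None of these come from the article.
SAMPLE_RUN_VALUES = [
    ("OneDrive", r'"C:\Program Files\OneDrive\OneDrive.exe" /background'),
    ("Updater", r'rundll32.exe "C:\Windows\System32\shell32.dll",Control_RunDLL'),
    ("\x00hidden", 'rundll32.exe javascript:"PLACEHOLDER-SCRIPT"'),
    ("Sync", 'C:\\Windows\\System32\\RunDLL32.EXE  JavaScript:"PLACEHOLDER"'),
    ("caf\u00e9\u202e", r"C:\Tools\notes.exe"),
]

# rundll32 handed a javascript: scheme where a DLL path would normally be.
# Tolerates a quoted image path, extra whitespace and mixed case.
SCRIPT_VIA_RUNDLL32 = re.compile(r'rundll32(\.exe)?"?\s+"?javascript:', re.IGNORECASE)


def name_is_undisplayable(name):
    """True if the value name has NUL, control or non-ASCII characters.

    Assumption: this approximates a "hidden" value. Localized software can
    legitimately use non-ASCII names, so treat it as a triage signal only.
    """
    return any(ord(ch) < 0x20 or ord(ch) > 0x7E for ch in name)


def triage(entries):
    """Return [(name, [reasons])] for entries that deserve a closer look."""
    findings = []
    for name, command in entries:
        reasons = []
        if SCRIPT_VIA_RUNDLL32.search(command):
            reasons.append("rundll32-script-handler")
        if name_is_undisplayable(name):
            reasons.append("undisplayable-value-name")
        if reasons:
            findings.append((name, reasons))
    return findings


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_RUN_VALUES):
        # repr() makes NUL and bidi-override characters visible in the report
        print(f"{name!r}: {', '.join(reasons)}")
```
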

A newly released version of Malwarebytes Anti-Rootkit is able to remove Poweliks. There's also more information on fileless infections and how they work on the Malwarebytes blog.
