Fileless malware runs entirely from memory to make detection harder
Traditional malware infections usually require a file object to be placed on the system, which makes them relatively easy to detect and remove.
Code can be injected into the machine via a fake landing page, which makes traditional security solutions like whitelisting ineffective in combating it.
Poweliks doesn't place a physical file on the system; instead, it injects code into processes that are currently running, like Internet Explorer. This allows it to run on the back of the legitimate process and thus avoid detection.
Security researcher Jerome Segura says, "There are many advantages of doing that. For starters, by never dropping anything onto the hard-drive, you reduce your payload's footprint on a system and chances for it to get detected. It is typically much easier to detect a piece of malware on disk than one hiding in memory".
To ensure that it can survive a system restart, it places code in hidden registry keys, allowing it to execute and infect the legitimate process again after a reboot.