This is an interesting article about fileless memory that does not need to be downloaded to a hard drive. It runs in the kernel or RAM without downloading any payload to the hard drive. Therefore, it could go undetected by traditional AV software.
This highlights the importance of having a defense-in-depth strategy that monitors activity on the network and endpoints, enforces strong access management, prevents data leakage, enforces a strong perimeter, etc. If a company or bank is relying solely on AV software to detect and remove malware, it will struggle to defend against today's threats.
Say Hello to the Super-Stealthy Malware That’s Going Mainstream
Loi Van Tran says
Hey Jason,
I wrote about the same article but from a different site. It was interesting because the malware was injected into the system using typical admin tools, like the one we used in class, Meterpreter. It made it hard to detect, like you said, because it never touches the hard drive. Another reason, I believe, is that since most admins use these open-source tools, I guess they forget the fact that they could be used maliciously.
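The two posts above make the same point from the defender's side: if the code never touches the hard drive, a disk-scanning AV has nothing to scan, so the endpoint itself has to be watched. The following is an added example, not code from either commenter or from the article they discuss. It shows one endpoint check a monitoring tool can run on Linux: /proc/<pid>/exe is a symlink to the program a process was launched from, and two link shapes indicate code that exists only in memory. A target beginning with "/memfd:" means the program was loaded from an anonymous memory file, and a target ending in " (deleted)" means the on-disk file was unlinked after launch. The `ProcInfo` record, the `classify` and `find_suspicious` helpers and the `SAMPLE` list are all constructed for this example; the sample rows are made up and stand in for a real /proc walk.

```python
"""
Added example (not from the thread): flag running processes whose executable
exists only in memory, one observable trait of fileless malware on Linux.
/proc/<pid>/exe is a symlink to the on-disk program. If the file was unlinked
after launch the link target ends in " (deleted)"; a program loaded from an
anonymous memory file shows a "/memfd:" target. Neither can be found by a
scanner that only reads files on disk, so endpoint monitoring has to look
at the live process table instead.
"""
import os
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class ProcInfo:
    pid: int
    comm: str   # short process name from /proc/<pid>/comm
    exe: str    # resolved target of /proc/<pid>/exe


def classify(proc: ProcInfo) -> Optional[str]:
    """Return a reason string when the process looks memory-only, else None."""
    # memfd-backed executables read as "/memfd:<name> (deleted)", so check
    # this shape first to report the more specific reason.
    if proc.exe.startswith("/memfd:"):
        return "executable backed by anonymous memfd"
    if proc.exe.endswith(" (deleted)"):
        return "on-disk executable was unlinked after launch"
    return None


def find_suspicious(procs: List[ProcInfo]) -> List[Tuple[int, str, str]]:
    """Filter a process list down to (pid, comm, reason) for memory-only code."""
    return [(p.pid, p.comm, reason) for p in procs if (reason := classify(p))]


def collect_live() -> List[ProcInfo]:
    """Build ProcInfo records from /proc (Linux only; root needed to read every exe link)."""
    out = []
    for name in os.listdir("/proc"):
        if not name.isdigit():
            continue
        pid = int(name)
        try:
            exe = os.readlink(f"/proc/{pid}/exe")
            with open(f"/proc/{pid}/comm") as f:
                comm = f.read().strip()
        except OSError:
            continue  # process exited, or no permission to inspect it; skip
        out.append(ProcInfo(pid, comm, exe))
    return out


# Constructed sample records standing in for a real /proc walk.
SAMPLE = [
    ProcInfo(1, "systemd", "/usr/lib/systemd/systemd"),
    ProcInfo(4242, "python3", "/usr/bin/python3.11"),
    ProcInfo(5151, "sh", "/memfd:stage2 (deleted)"),
    ProcInfo(6161, "updater", "/tmp/updater (deleted)"),
]

if __name__ == "__main__":
    for pid, comm, reason in find_suspicious(SAMPLE):
        print(f"pid {pid} ({comm}): {reason}")
```

Run it as-is to see the two constructed hits; replace `SAMPLE` with `collect_live()` to inspect a real host. The " (deleted)" shape also shows up legitimately when a package manager upgrades a binary that is still running, so treat these results as a triage queue for the endpoint team rather than a verdict, and pair them with the network and access monitoring the first post lists.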