Unlike traditional malware, which relies on a file being written to disk, fileless malware is intended to be memory-resident only, ideally leaving no trace after it executes. The malicious payload exists in the computer’s memory, which means nothing is ever written directly to the hard drive.
For an attacker, fileless malware has two major advantages:
- There is no file for traditional anti-virus software to detect.
- There is nothing on the hard drive for forensics to discover.