Volume 15, Issue 3
  • ISSN: 2210-3279
  • E-ISSN: 2210-3287

Abstract

Fileless malware is an advanced threat that has drawn significant attention because of its stealthy, secretive nature and its ability to evade traditional security measures. Unlike traditional malware, which leaves footprints on disk, fileless malware operates in system memory and thereby evades detection and analysis. In this paper, we provide a comprehensive review of fileless malware, including its historical context, evolution, detection techniques, and mitigation strategies. By examining the methodologies employed by researchers and practitioners worldwide, this analysis aims to shed light on strategies for combating the evolving threat posed by fileless malware. We discuss current research efforts and emerging trends in fighting fileless malware, emphasizing the importance of proactive defense in mitigating this threat. Our analysis includes a comparative study of traditional and fileless malware, focusing specifically on Kovter. Using tools such as Any.run and VirusTotal, we examine the challenges that traditional antivirus solutions encounter when attempting to detect fileless malware. The study underscores the limitations of conventional detection methods against the stealthy nature of these advanced threats.

2025-05-15
2026-02-23