A Deep Dive into Detecting and Investigating Fileless Malware

Abstract

Fileless malware is an advanced threat that has attracted significant attention because of its stealth and its ability to evade traditional security measures. Unlike conventional malware, which leaves footprints on disk, fileless malware operates in system memory, which complicates both detection and analysis. In this paper, we provide a comprehensive review of fileless malware, including its evolution, detection techniques, and mitigation strategies, and we examine its historical context. By surveying the methodologies employed by researchers and practitioners worldwide, this analysis aims to shed light on strategies for combating the evolving threat posed by fileless malware. We discuss current research efforts and emerging trends in fighting fileless malware, emphasizing the importance of proactive defense strategies in mitigating this evolving threat landscape. Our analysis includes a comparative study of traditional malware and fileless malware, focusing specifically on Kovter. Using tools such as Any.run and VirusTotal, we examine the particular challenges that traditional antivirus solutions face when attempting to detect fileless malware. This study underscores the limitations of conventional detection methods in addressing the stealthy nature of these advanced threats.

DOI: 10.2174/0122103279377106250507052410
2025-05-15
2025-09-07