File-less Malware Is Wreaking Havoc Via PowerShell.


File-less Malware Is Wreaking Havoc Via PowerShell





Advanced Volatile Threats (AVTs) also known as the File-less Malware, is another threat which works directly from the memory. PowerShell is a major course adapted by the cyber-cons to achieve the attack.

The malware first suspends a malicious code into the target’s system. Whenever the system is working the code begins to collect the credentials on the system.

In case of a victimized company, the malicious code had started gathering the credentials of its employees, along with the administrator permissions.

The next step it took was to hunt for the most valuable assets of the organization and beeline them.

The code was too cleverly designed to be spotted by the company’s security system and the organization was never alerted.

After doing so much damage to the company and its credibility, the code disappeared without a trace.

These AVTs had surfaced around a year ago, and it works especially on working on the memory rather than on the hard drive.

The traditional and old-fashioned threat detection systems would never in a million chances sense that something’s fishy.

PowerShell is the very basic medium they use to employ the file-less malware attack.

PowerShell lets systems administrators completely automate the tasks on the servers and computers.

Meaning, if the cyber-cons happen to take control of the server and computer they could easily get hold of as many permissions as they’d wish for.



Windows is not a platform PowerShell is limited to. Microsoft Exchange, IIS and SQL servers also fall into line.

What file-less malware does is that it forces PowerShell to institute its malicious code into the console and the RAM.

It becomes a “lateral” attack once the code gets executed, meaning the attack propagates from the central server.

As after the dirty work’s done the malware leaves no traces behind, traditional security solutions are never able to place what was behind the attack.

Only heuristic monitoring systems, if run constantly could help in tracing the attack’s culprit.

Precautionary Measures Against Fileless  Malware

  • Disable PowerShell (If it’s not required to administer systems)
  • If it can’t be disabled, ensure that you’re using the latest version of it. (PowerShell 5 has better security measures in Windows)
  • Only enable specific features of PowerShell via “Constrained Language” mode.
  • Enable automatic transcription of commands which will help in making the system suspicious about file-less attacks.
  • Employ advanced cyber-security methods such as permanent anti-malware services.
  • Do constant research on unknown processes occurring within the system which could generate file-less malware.