Fileless Malware: What it is, warning signs, and how to stop it

Fileless Malware

What it is

Fileless malware runs from memory instead of dropping obvious files on your disk. It often abuses built-in tools (like PowerShell or WMI) and trusted apps, making it harder for traditional antivirus to spot.

How it works 

  • You visit a booby-trapped page or open a malicious email.

  • A script (JavaScript, Office macro, PowerShell) launches in memory.

  • It uses legit system tools to download commands, steal data, or move sideways - often leaving little on disk.

What you may notice

  • Fans rev up; system slows for no clear reason

  • Odd popups or brief command windows flashing and closing

  • Security tools disabled or updates failing

  • New scheduled tasks or policies you didn’t set

If you suspect it 

  1. Disconnect from the internet.

  2. Run a full anti-malware scan; reboot; scan again.

  3. Check Startup apps, Scheduled Tasks, and browser extensions; remove unknowns.

  4. From a clean device, change important passwords and turn on MFA.

  5. Update the OS, browsers, and Office, and disable Office macros by default.
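
For step 3, a read-only PowerShell listing of scheduled tasks and Run-key startup entries that marks any entry launching a script host. This is an added example, not part of the original page; the script-host list and the set of Run keys checked are assumptions, and browser extensions are not covered.

```powershell
# Added example: read-only listing for step 3. Nothing is modified or removed.
# Assumption: this script-host list is a starting set, not a complete one.
$scriptHosts = '\b(powershell|pwsh|wscript|cscript|cmd)(\.exe)?\b'

# Scheduled tasks: every task outside \Microsoft\, plus any task anywhere
# whose action launches a script host.
$tasks = foreach ($task in Get-ScheduledTask) {
    foreach ($action in $task.Actions) {
        # COM-handler actions have no Execute property; they yield an empty command.
        $command  = ('{0} {1}' -f $action.Execute, $action.Arguments).Trim()
        $usesHost = $command -match $scriptHosts
        if ($usesHost -or $task.TaskPath -notlike '\Microsoft\*') {
            [pscustomobject]@{
                Location   = 'Scheduled task'
                Name       = $task.TaskPath + $task.TaskName
                ScriptHost = $usesHost
                Command    = $command
            }
        }
    }
}

# Startup entries: every value under the machine-wide and per-user Run keys.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$runEntries = foreach ($key in $runKeys) {
    $item = Get-Item -Path $key -ErrorAction SilentlyContinue
    if ($item) {
        foreach ($valueName in $item.GetValueNames()) {
            $command = [string]$item.GetValue($valueName)
            [pscustomobject]@{
                Location   = $key
                Name       = $valueName
                ScriptHost = $command -match $scriptHosts
                Command    = $command
            }
        }
    }
}

# Entries that launch a script host sort to the top for review.
@($tasks) + @($runEntries) |
    Sort-Object -Property ScriptHost -Descending |
    Format-Table -AutoSize -Wrap
```

Entries you do not recognise are the "unknowns" to look into; a ScriptHost value of True only marks an entry for a closer look, since legitimate software also uses these tools.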

Prevent it

  • Open attachments only from trusted senders; avoid enabling macros.

  • Keep Windows, browsers, and plugins updated.

  • Use reputable EDR/anti-malware that monitors script behavior.

  • Limit powerful tools: constrain PowerShell, restrict WMI, and use least privilege.

  • Consider DNS/web filtering to block known malicious domains.
