A relatively new form of malware has surfaced that, unlike most malware, leaves no files on the victims computer. The Angler exploit kit—a Web-based attack tool—injects malicious code directly into other processes.

Fileless malware threats are not new, but their use is rare. It is not widely used because it is not a persistent attack. Once the victim reboots, the reboot clears RAM memory and the malware is erased.

A wide range of possibilities are opened with this type of infection. It provides a powerful way to bypass antivirus detection, it’s ideal for running a one-time information stealing program and it allows them to gather information about a compromised computer before deploying a more persistent threat that defeats its defenses.

Bogdan Botezatu, a senior e-threat analyst at Bitdefender, said: “The introduction of memory-based malware is definitely a step up for cyber-criminals. I didn’t expect to see this technique included in a commercially-available exploit kit though, as money-driven cyber-criminals would rather trade stealth for persistence.”

Botezatu went on to say that malware that resides only in memory is more typical of high-profile and state-sponsored attacks, because it allows attackers to infect the target, exfiltrate information and leave no trace on disk for forensic analysis.