Three out of the nine exploit kits active today are using fileless attacks to infect victims.
... ...
... ...
EKs are adopting fileless attacks
But in a report released last week, Malwarebytes researchers say EK operators are changing their tactics.
Instead of relying on dropping malware on disk and then executing the malware, at least three of the nine currently active EKs are now using fileless attacks.
A fileless attack [
1,
2] relies on loading the malicious code inside the computer's RAM, without leaving any traces on disk.
Fileless malware has been around for more than half a decade, but this is the first time EKs are broadly adopting the technique.
"This is an interesting trend that makes sample sharing more difficult and possibly increases infection rates by evading some security products," said Jérôme Segura, Malwarebytes malware analyst.
The exploit kits leveraging this technique include Magnitude, Underminer, and Purple Fox
New Spear-Phishing Attack Abusing Google Ads to Deliver EndRAT Malware
Hackers increasingly use Winos4.0 post-exploitation kit in attacks
Hackers Use Fake VPN and Browser NSIS Installers to Deliver Winos 4.0 Malware
The Necessity of Simulating the Full Malware Infection Chain for Security Suite Testing