From tripwire.com
Fileless malware, true to its name, is malicious code that uses existing legitimate programs in a system for compromise. It operates directly in the Random Access Memory (RAM) without requiring any executable files in the hard drive. Differing from conventional malware, fileless attacks are stealthier in nature, falling under the category of low-observable characteristics (LOC) attacks. Since these attacks have no identifiable code or signature, traditional defense mechanisms such as antivirus, whitelisting, and endpoint detection systems often struggle to detect these attacks.
When a victim accidentally clicks a malicious link or an attachment in a phishing email, it triggers the exploit, often using shellcode such as PowerShell to avoid detection and eliminate the trace of its activity. Afterward, it runs commands to download and execute payload solely within the system memory.