Fileless malware uses legitimate system processes to infect a computer and is not written to disk, which makes it challenging to detect and remove. Its traces aren't kept in logs. Fileless malware has been effective in evading most sophisticated security solutions.

Does that mean fileless malware is undetectable? No. It just means that fileless attacks are often undetectable by antivirus, whitelisting, and other traditional endpoint security solutions.

These are stealth attacks that fall into the category of low-observable characteristics (LOC) attacks. Rather than being stored in a file or installed directly on a machine, fileless infections stay in memory, and the malicious content is never written to the hard drive. LOC attacks take advantage of Microsoft Windows PowerShell, a legitimate and useful tool that administrators use for task automation and configuration management. PowerShell consists of a command-line shell and an associated scripting language, giving adversaries access to just about everything in Windows.