SentinelOne last week announced that it has detected a technique being used in Asia to infect systems with remote access Trojans. The technique ensures that the payload remains in memory throughout its execution and never touches the victim’s disk in an unencrypted state.
Attackers remain hidden from antivirus technologies and next-generation technologies that focus only on file-based threats, according to SentinelOne.
The samples analyzed can also detect the presence of a virtual machine, which prevents them from being analyzed in a network sandbox.
Remote access Trojans, or RATs, aren’t new, but the technique is, said Joseph Landry, senior security researcher at SentinelOne.
“We expect to see an increase in fileless-based attacks that execute in memory to avoid detection,” he told TechNewsWorld.