Which term describes malware that operates in memory and avoids traditional detection techniques?


Multiple Choice

Which term describes malware that operates in memory and avoids traditional detection techniques?

Explanation:
Fileless malware stays in memory and avoids traditional detection by not leaving obvious files on disk. It runs in RAM and often exploits legitimate system tools—like PowerShell, WMI, or script runtimes—to execute code, so signature-based antivirus that looks for known binaries can miss it. Because there aren’t new malicious executables to scan, defenders must rely on behavior-based detection and memory analysis, watching for unusual process chains or the heavy use of living-off-the-land techniques. Persistence is achieved through in-memory methods or by abusing legitimate services, rather than installing a traditional file-based program. This differs from general endpoint protection, from zero-day exploits, and from ransomware, which encrypts data for ransom.
