Which term refers to malware that operates in memory and evades detection?

Fileless malware operates primarily in memory rather than leaving malicious files on disk, which helps it evade traditional signature-based detection. It often uses legitimate system tools (like PowerShell or WMI) to run code, inject into other processes, and establish persistence, leaving few artifacts on the hard drive for standard scanners to find. Because many defenses focus on scanning files and known signatures, these memory-resident attacks slip by unless security tools monitor behavior, memory usage, and process activity for suspicious patterns such as bursts of PowerShell activity, unusual script execution, or unexpected parent-child process relationships. Ransomware describes a malware goal—encrypted data for ransom—rather than how the malware operates, and endpoint security is the product category, not the threat type.