The malware type that infects legitimate software and relies on existing system protocols to perform malicious activities is called what?

Prepare for the Certified Ethical Hacker Version 11 Exam. Study with comprehensive questions and explanations. Equip yourself with the skills needed for success!

Multiple Choice

The malware type that infects legitimate software and relies on existing system protocols to perform malicious activities is called what?

Explanation:
This question centers on how some malware operates by staying under the radar and using trusted system tools rather than dropping its own files. Fileless malware lives in memory and hijacks legitimate software or system processes to carry out malicious actions. Because it doesn’t leave obvious new files on disk, it often uses built-in channels and protocols of the operating system (like PowerShell, WMI, or signed binaries) to execute commands, move laterally, and exfiltrate data. It also leverages existing network protocols (HTTP, HTTPS, SMB, DNS, etc.) to communicate, which makes detection harder for traditional file-based defenses.

That’s why the term that fits best is fileless malware: it infects legitimate software and relies on the OS’s own mechanisms and protocols to perform its malicious activities, rather than relying on new, separate malware files.

The other options do not fit. Legitimate applications, as a concept, aren’t inherently malicious. Memory code injection is a technique used by some malware but isn’t a malware type by itself. File-based malware involves dropping and running files on disk, which is the opposite of the behavior described.
