The legend of He-Who-Shall-Not-Be-Named may only be true in the Harry Potter book, but his influence has managed to escape into the real world. Not as a wizard—but as a nasty piece of malware.

But what is the Voldemort fileless malware, and how can you stay safe?

The Voldemort email

What Is Fileless Malware?

What makes the Voldemort malware so nasty is how it works. It’s classed as fileless malware, which means it doesn’t download any additional files once activated. Instead, the malware is loaded directly into the computer’s memory. From there, it can run instantly without requiring input, making it difficult for an antivirus app to catch it.

How Does the Voldemort Malware Work?

As reported by Proofpoint, a Voldemort attack starts as a scam email sent to businesses. This email impersonates the tax authority of the recipient’s country and states that there’s been a change in how taxes are filed. The victim is urged to click a link to learn more.

Once the link is clicked, the website checks to see if the victim is running Windows. If they are, it downloads a LNK file to their PC and disguises it as a PDF. LNK files are not malicious by themselves, but they can be programmed to tell PowerShell to perform malicious activity.

The disguised Voldemort LNK file, posing as a PDF

This particular LNK is set up to run fileless malware that harvests data from the target computer. The information is then sent to a Google Sheet for the hackers to use as they will.

How to Stay Safe From Voldemort Malware

Fortunately, keeping safe from Voldemort is pretty simple. You’ll likely only come across it if you’re in a business and you’re handling the company’s emails.

If you receive an email from someone claiming to be from the tax authority of your country, go through all the ways to spot a fraud or phishing email before you click anything.

If you accidentally download the fake PDF, you can still delete it without launching the malware. You can tell if it’s a fake PDF because of the little “shortcut arrow” at the bottom left of the icon. Regular PDFs don’t have that arrow because they’re not a shortcut—they’re the real deal. A hidden LNK file, on the other hand, counts as a shortcut and has a little arrow.
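The same check can be done by file content instead of by icon. The script below is an added example, not code from the original article or from Proofpoint: it flags files that are Windows shortcuts by their header but whose visible name ends in a document extension. The function names, the extension list and the sample files are assumptions constructed for illustration.

```python
import os
import tempfile

# First 20 bytes of every Shell Link (.lnk) file per MS-SHLLINK:
# HeaderSize 0x0000004C, then LinkCLSID 00021401-0000-0000-C000-000000000046.
LNK_MAGIC = bytes.fromhex("4c000000" "0114020000000000c000000000000046")

# Assumed list of document extensions a lure might imitate.
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt"}


def is_shell_link(path):
    """True if the file content starts with the Shell Link header."""
    with open(path, "rb") as fh:
        return fh.read(len(LNK_MAGIC)) == LNK_MAGIC


def disguised_shortcuts(directory):
    """Return sorted names of shortcuts that pose as documents."""
    hits = []
    for name in os.listdir(directory):
        path = os.path.join(directory, name)
        if not os.path.isfile(path) or not is_shell_link(path):
            continue
        stem, ext = os.path.splitext(name.lower())
        # Strip the real .lnk suffix (Explorer does not display it),
        # then look at what the user would see as the extension.
        shown = stem if ext == ".lnk" else name.lower()
        if os.path.splitext(shown)[1] in DOCUMENT_EXTS:
            hits.append(name)
    return sorted(hits)


def demo():
    """Build constructed sample files and scan them."""
    with tempfile.TemporaryDirectory() as d:
        samples = {
            "tax_notice.pdf.lnk": LNK_MAGIC + b"\x00" * 56,  # disguised
            "report.pdf": b"%PDF-1.7\n",                      # real PDF
            "Notepad.lnk": LNK_MAGIC + b"\x00" * 56,          # plain shortcut
            "form.pdf": LNK_MAGIC + b"\x00" * 56,  # LNK content, .pdf name
        }
        for name, data in samples.items():
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(data)
        return disguised_shortcuts(d)


if __name__ == "__main__":
    print(demo())
```

Point `disguised_shortcuts` at a downloads folder or a mail-attachment quarantine directory to list candidates for deletion without opening them.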

If you do accidentally run the fake PDF, you can try running a malware scan to see if your antivirus catches anything. However, fileless malware is designed to be as evasive as possible, so your best bet is to do a clean install of your operating system to flush it out.

The Voldemort malware may not be as powerful as a magical dark lord, but it’s still pretty nasty, and worst of all, it’s real. Fortunately, if you keep your wits about you, you can dodge it.