Threat actors breaching company networks are deploying a cornucopia of malware over the Remote Desktop Protocol (RDP) without leaving a trace on target hosts. The attackers leveraged a feature in Windows Remote Desktop Services that allows a client to share local drives to a Terminal Server with read and write permissions. When an RDP session terminates, so do its associated processes, and the memory is typically released. The payloads are executed in RAM over the remote connection, which also serves to exfiltrate useful information.
Source: https://www.bleepingcomputer.com/news/security/windows-remote-desktop-services-used-for-fileless-malware-attacks/

