In this paper, we show that persistent data-only malware is not only possible, but also a realistic threat. To demonstrate this, we state the requirements of persistent data-only malware, discuss the challenges associated with its creation, and show how these challenges can be solved in practice.