Trojans are a type of malware (generally files, systems, or computer code) that embed themselves within other genuine software to appear harmless. Like the Trojan Horse of Greek legend, Trojans deceive their recipients: they are packaged to impersonate legitimate files so that people will click, open, or install them.
Once opened, a Trojan installs malware that spies on and inflicts severe harm on users’ computer software, data, or networks. Trojans are sometimes referred to as Trojan viruses or Trojan horse viruses. However, this is not altogether accurate. Viruses tend to reproduce and spread, while a Trojan isn’t designed to replicate. Viruses and Trojans also differ in that viruses are meant to modify data, while Trojan horses are designed to steal the information.
What Is a Trojan and What’s the History?
Trojans were one of the earliest cyber security threats, developing in the early 1980s and 1990s as computers became more established in business and for personal use. In 1975, a computer programmer named John Walker invented the first Trojan called “Animal.” Since then, malware has continued to improve quickly, growing progressively more complicated to detect.
In recent history, there have been cases where Trojans proved damaging and costly to their unsuspecting targets. One of the most notable was Emotet, which landed in Europol’s 2021 report on organized crime, SOCTA (Serious and Organized Crime Threat Assessment). Using email as the vehicle to attack its victims, Emotet became known as a banking Trojan, causing the Chilean bank Consorcio to assume losses worth $2 million.
What Is a Trojan and How Do They Work?
Trojans are designed to complete a variety of malicious attacks. Phishing and other types of social engineering are examples of common delivery methods. Their damage can range from browsing the hard drive to steal data, to recording keystrokes that may be personal passwords or account numbers, all the way to shutting down the computer at random or deleting the entire hard drive. Someone who delivers a Trojan can control it remotely, making it easier to infect hardware and networks not physically accessible.
For example, a user might receive an email that appears to be from someone they know. The attachment in the Trojan message looks real. Because the emails appear to come from a friend or trusted organization, most people wouldn’t think twice before clicking on the link. This allows the Trojan to release malware on the device, which can spread quickly, infect, and potentially damage a computer.
Common Types of Trojan Malware, From A to Z
Whether you’re a cybersecurity novice or refreshing your knowledge, it’s a good idea to know what threats exist. Answering “what is a Trojan?” is more complex. The following lists some of the most notable Trojan malware. While not exhaustive, it’s a cross-section of the key types of attacks accessible to those executing malicious cybersecurity acts.
Backdoor Trojan
Attackers can use Backdoor Trojans to gain remote access and control targeted hardware. Backdoor Trojans can enable the installation and launch of third-party code on victims’ devices that then force various actions like recording keystrokes or even operating computer microphones and cameras. One of the simplest and most harmful types of Trojan, Backdoor Trojans are also used by attackers to manage a group of infected computers, as well as to download and steal data.
Distributed Denial of Service (DDoS) Attack Trojan
DDoS Trojans attack a user’s IP address and perform attacks to bombard and dismantle your network.
Fake AV Trojan
Fake AV Trojans present themselves as antivirus software but demand money from you to identify and eliminate risks, regardless of whether those risks are real threats or fraudulent.
Mailfinder Trojan
Mailfinder Trojans steal the list of email addresses stored on your device.
Ransom Trojan
This Trojan seeks financial compensation from the owner to undo the damage that it has done to your computer. The damage caused by a Ransom Trojan can include blocking your data or impairing your computer's performance.
Remote Access Trojan
This Trojan seeks to provide an attacker with complete control over your computer by using a remote access connection.
SMS Trojan
SMS and other types of similar Trojans infect your mobile device and seek to transmit and divert text messages.
Examples of Trojan Malware Attacks
One of today’s most popular forms of Trojan malware attack uses ransomware. The rising use of cryptocurrencies has made it more convenient to launch these forms of attacks, which restrict access to computer networks and devices and hold them hostage until victims submit payment. Ransomware delivers payment. The banking industry has been a prime target for ransomware attacks, experiencing a 1,318 percent year-on-year increase in attacks in the first half of 2021.
In 2007, a Trojan malware attack known as the “Storm” worm attacked computers in the United States and Europe. Attackers launched this Trojan by sending an email to recipients with the subject line: "230 dead as storm batters Europe." Government officials and law enforcement had a difficult time containing this type of Trojan because even after they shut down the initial attack, the code reappeared by replicating itself.
How Do They Impact Mobile & Are They a Threat to All End Devices?
From desktops to laptops and Windows and Mac operating systems, Trojans are a potential threat to any end device. And, in today’s mobile-dominant environment, hardware such as smartphones and tablets are prime targets.
Cybercriminals are skilled at convincing naive users to download fake apps crammed with malware that look genuine, like a real app or other commonly downloaded items. Like Trojans that run on laptops and desktops, the malware on mobile devices steals the device's data and often seeks to generate income by sending premium SMS text messages.
How to Help Recognize, Remove and Protect Against Them
Detecting Trojans may prove challenging because they often mimic legitimate system files. Traditional antivirus programs aren’t as effective at identifying them. Some of the most common symptoms of a Trojan attack include:
- the appearance of surprise browser windows and pop-up boxes
- very slow computer processor performance
- unrecognizable software programs
- sudden computer shutdowns and reboots
- missing, deleted, relocated, or encrypted files
- slow or interrupted internet connections
On the positive side, Trojans don’t self-replicate, so deleting the malware’s host program often removes the threat. But there are scenarios where that might not be the case. For example, some Trojans install additional malware programs, making it harder to detect and remove everything by deleting a single program. It’s best to use antivirus software to get rid of all traces of a Trojan attack. It’s the easiest and most effective first step for identifying and removing Trojans.
Removing a Trojan without using antivirus software may require different steps, depending on whether the malware is posing as a program or creating malicious background processes. Under either circumstance, experts suggest starting a computer in safe mode to minimize further damage. Windows and Mac operating systems also require different action plans for eliminating threats from Trojans.
Remove a Trojan from a PC by taking the following steps:
If you’re using a Windows PC:
- Open the PC’s settings
- Select “apps”
- Go to “apps & features”
- Select the name of the Trojan program, and uninstall
Remove a Trojan from a Mac by taking the following steps:
- Launch the Finder
- Open the Applications folder (click Command+Shift+A)
- Locate the Trojan
- Move the file to Trash
When it comes to safeguarding against Trojan attacks, end users are the first line of defense. Users must initiate this particular form of malware, so training them to evaluate and be highly cautious of what they click and open is critical to guarding against Trojans. Some best practices for end-users include:
- Only visiting websites with URLs that begin with HTTPS
- Never downloading attachments or clicking unsolicited or unexpected links, even if they appear to be from a known contact
- Refraining from installing apps or programs from unofficial websites or app repositories
- Avoiding system logins via links from email or text message (log into accounts through a new browser tab or an approved app)
- Using a spam filter to help prevent malicious messages from accessing email inboxes
Network administrators also play a key role in protecting against Trojans. They should install computer internet security software and run periodic diagnostic scans on mobile devices.
In addition, experts recommend that you update your operating system as soon as you are first notified that new updates are available.
Regularly updating antivirus software is just as important as installing it. This prevents attackers from gaining access to computers through vulnerabilities in outdated systems. Firewalls help keep your personal information confidential. And last but not least, inspect email attachments before opening them. Users should take the same precautions with pop-up windows that offer free programs.
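The advice to inspect email attachments before opening them, shown as an added example that is not part of the original article: a Python sketch that flags attachments whose file name or leading bytes suggest an executable disguised as a document. The extension list, the file signatures and the sample message are constructed for illustration and are not exhaustive.

```python
import email
from email import policy
from email.message import EmailMessage

# Illustrative lists (assumptions, not exhaustive): extensions that run code
# when opened on Windows, and the leading bytes of a few common file formats.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".lnk", ".msi"}
MAGIC = {b"MZ": "windows-executable", b"%PDF": "pdf", b"PK\x03\x04": "zip-or-office"}
EXPECTED = {".pdf": "pdf", ".docx": "zip-or-office", ".xlsx": "zip-or-office", ".zip": "zip-or-office"}


def sniff(data: bytes) -> str:
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    return "unknown"


def triage_attachments(raw: bytes) -> list[tuple[str, list[str]]]:
    """Return (filename, reasons) for each attachment that deserves a second look."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        pieces = name.lower().split(".")
        ext = "." + pieces[-1] if len(pieces) > 1 else ""
        kind, reasons = sniff(data), []
        if ext in EXECUTABLE_EXTS:
            reasons.append("executable extension " + ext)
        if len(pieces) > 2 and ext in EXECUTABLE_EXTS:
            reasons.append("double extension hides the real type")
        if kind == "windows-executable" and ext not in EXECUTABLE_EXTS:
            reasons.append("executable content behind a " + (ext or "missing") + " name")
        elif ext in EXPECTED and kind != EXPECTED[ext]:
            reasons.append("content does not match " + ext)
        if reasons:
            findings.append((name, reasons))
    return findings


def build_sample() -> bytes:
    """Constructed message: one genuine PDF header and two disguised files."""
    msg = EmailMessage()
    msg["Subject"] = "Invoice attached"
    msg.set_content("Please see the attached invoice.")
    samples = [("report.pdf", b"%PDF-1.7\n"), ("invoice.pdf.exe", b"MZ\x90\x00"), ("statement.pdf", b"MZ\x90\x00")]
    for name, body in samples:
        msg.add_attachment(body, maintype="application", subtype="octet-stream", filename=name)
    return msg.as_bytes()
```

Calling `triage_attachments(build_sample())` reports the two disguised files and leaves `report.pdf` alone; a clean result from a check like this does not by itself mean an attachment is safe.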
What Is a Trojan: Piggybacking Onto the End Device Is a Thing
While Trojans are typically found in files like email attachments, there are other ways for them to gain unnoticed access to networks and devices. Some types of Trojans "piggyback" on supposedly free programs. Piggybacking can also refer to a neighbor or other person within proximity of a user’s Wi-Fi that taps into and uses the neighboring internet connection. Although this might seem harmless, doing so generally leaves users with less bandwidth for using an internet connection and more susceptible to malware attacks.
Learn More About Protecting Against Attacks and Become a Leader in Cybersecurity
Simplilearn’s Post Graduate Program in Cyber Security is designed to help students learn comprehensive approaches to protecting infrastructure and securing data, including risk analysis and mitigation, cloud-based security, and compliance. Graduates complete the program with industry-leading practices, with both foundational to advanced skills that prepare them to succeed in cyber security roles across any industry.