
Trojan definition

A Trojan horse or Trojan is a type of malware that is often disguised as legitimate software. Trojans can be employed by cyber-thieves and hackers trying to gain access to users' systems. Users are typically tricked by some form of social engineering into loading and executing Trojans on their systems. Once activated, Trojans can enable cyber-criminals to spy on you, steal your sensitive data, and gain backdoor access to your system.

What is a Trojan?

The term “Trojan” derives from the ancient Greek story about the deceptive Trojan horse which led to the fall of the city of Troy. When it comes to your computer, a Trojan virus operates similarly – it hides within seemingly harmless programs or tries to trick you into downloading it. The name was coined in a US Air Force report in 1974, which speculated on hypothetical ways computers could be compromised.

You will sometimes hear people refer to a "Trojan virus" or a "Trojan horse virus," but these terms are slightly misleading. This is because, unlike viruses, Trojans don’t self-replicate. Instead, a Trojan horse spreads by pretending to be useful software or content while secretly containing malicious instructions. It is more useful to think of “Trojan” as an umbrella term for malware delivery, which hackers use for various threats.

How do Trojans work?

A Trojan must be executed by its victim to do its work. Trojan malware can infect devices in several ways – for example:

  • A user falls victim to a phishing or other social engineering attack by opening an infected email attachment or clicking on a link to a malicious website.
  • A user sees a pop-up for a fake antivirus program that claims their computer is infected and invites them to run a program to clean it up. This is known as “scareware”. In reality, the user is downloading a Trojan onto their device.
  • A user visits a malicious website and experiences a drive-by download pretending to be helpful software.
  • A user downloads a program whose publisher is unknown from an untrustworthy website.
  • Attackers install a Trojan through exploiting a software vulnerability or through unauthorized access.
  • Hackers create a fake Wi-Fi hotspot network that looks like one a user is trying to connect to. When the user connects to this network, they can be redirected to fake websites containing browser exploits that redirect any file they try to download.

The term “Trojan dropper” is sometimes used in relation to Trojans. Droppers and downloaders are helper programs for various types of malware, including Trojans. Usually, they are implemented as scripts or small applications. They don’t carry out any malicious activity themselves but instead pave the way for attacks by downloading, decompressing, and installing the core malicious modules.

Types of Trojans

Trojans are classified according to the type of actions that they can perform on your computer. Trojan horse virus examples include:

Backdoor 

A backdoor Trojan gives malicious users remote control over the infected computer. It enables the author to do anything they wish on the infected computer – including sending, receiving, launching, and deleting files, displaying data, and rebooting the computer. Backdoor Trojans are often used to unite a group of victim computers to form a botnet or zombie network that can be used for criminal purposes.

Exploit 

Exploits are programs that contain data or code that takes advantage of a vulnerability within application software that's running on your computer.

Banker Trojan

Trojan-Banker programs are designed to steal your account data for online banking systems, e-payment systems, and credit or debit cards.

Clampi Trojan

Clampi – also known as Ligats and Ilomo – lies in wait for users to sign in to make a financial transaction, such as accessing online banking or entering credit card information for an online purchase. Clampi is sophisticated enough to hide behind firewalls and go undetected for long periods.

Cryxos Trojan

Cryxos is commonly associated with so-called scareware or fake support call requests. Typically, victims receive a pop-up containing a message like "Your device has been hacked" or "Your computer is infected". The user is directed to a phone number for support. If the user calls the number, they are pressured to pay for assistance. In some cases, the user may be asked to give remote access of their machine to the “customer service agent”, potentially leading to device hijack and data theft.

DDoS Trojan

These programs conduct DDoS (Distributed Denial of Service) attacks against a targeted web address. By sending multiple requests – from your computer and several other infected computers – the attack can overwhelm the target address, leading to a denial of service.

Downloader Trojan

Trojan-Downloaders can download and install new versions of malicious programs onto your computer – including Trojans and adware.

Dropper Trojan

These programs are used by hackers to install Trojans or viruses – or to prevent the detection of malicious programs. Not all antivirus programs are capable of scanning all of the components inside this type of Trojan.

FakeAV Trojan

Trojan-FakeAV programs simulate the activity of antivirus software. They are designed to extort money from you – in return for the detection and removal of threats, even though the threats they report are non-existent.

GameThief Trojan

This type of program steals user account information from online gamers.

Geost Trojan

Geost is an Android banking Trojan. It hides in malicious apps which are distributed through unofficial webpages with randomly generated server hostnames. Victims typically encounter these when they look for apps that are not available on Google Play. Once the app is downloaded, it requests permissions which, when enabled, allow malware infection. Geost was discovered after the gang behind it made security mistakes, allowing researchers to see right into their operation and even identify some of the perpetrators.

IM Trojan

Trojan-IM programs steal your logins and passwords for instant messaging programs – such as WhatsApp, Facebook Messenger, Skype, and many more. This type of Trojan can allow the attacker to control chat sessions, sending the Trojan to anybody on your contact list. They can also perform DDoS attacks using your computer.

Mailfinder Trojan

These programs can harvest email addresses from your computer, allowing cyber criminals to send mass mailings of malware and spam to your contacts.

Ransom Trojan

This type of Trojan can modify data on your computer – so that your computer doesn't run correctly, or you can no longer use specific data. The criminal will only restore your computer's performance or unblock your data after you have paid them the ransom money they demand.

Remote Access Trojans

Abbreviated as RAT, Remote Access Trojans give hackers complete control over your computer from a remote location. They can be used to steal information or spy on you. Once the host system is compromised, the intruder may use it to distribute RATs to other vulnerable computers to establish a botnet.

Rootkit 

Rootkits are designed to conceal certain objects or activities in your system. Often their primary purpose is to prevent malicious programs from being detected – to extend the period in which programs can run on an infected computer.

SMS Trojan

These programs can cost you money by sending text messages from your mobile device to premium rate phone numbers.

Spy Trojan

Trojan-Spy programs can spy on how you're using your computer – for example, by tracking the data you enter via your keyboard, taking screenshots, or getting a list of running applications.

Qakbot Trojan

Qakbot is an advanced banking Trojan. Believed to be the first malware specifically designed to harvest banking information, this is often used in conjunction with other well-known tools.

Wacatac Trojan

Trojan Wacatac is a highly damaging Trojan threat that can carry out various malicious actions on the target system. It usually infiltrates via phishing emails, file-sharing over infected networks, and software patches. It aims to steal confidential data and share them with hackers. It can also allow remote access to hackers to carry out harmful tasks.

Other Trojan examples include:

  • Trojan-ArcBomb
  • Trojan-Clicker
  • Trojan-Notifier
  • Trojan-Proxy
  • Trojan-PSW 

How Trojans can impact you

Trojans are incredibly good at hiding. They trick users into installing them and then work behind the scenes to achieve their aim. If you fall victim, you may not even realize it until it's too late. If you suspect your device may have been breached by Trojan malware, you should look out for the following signs:

  • Poor device performance – for example, running slowly or frequently crashing (including the infamous “blue screen of death”)
  • The desktop has changed – for example, the screen resolution has altered, or the color appears different
  • The taskbar has changed – or perhaps disappeared altogether
  • Unrecognized programs appear in your task manager – you didn’t install them
  • An increase in pop-ups – not just ads but browser pop-ups offering products or antivirus scans which, when clicked on, download malware onto your device
  • Being redirected to unfamiliar websites when browsing online
  • An uptick in spam emails

It is possible to remove some Trojans by disabling start-up items on your computer which don’t come from trusted sources. To do this, reboot your device into safe mode so that the Trojan can’t stop you from removing it.

Be clear about which specific programs you are removing because you could slow or disable your system if you remove basic programs your computer needs to function.
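
To help decide which start-up items come from a trusted source, the following PowerShell script lists each Windows start-up entry together with the digital signature status and signer of the program it launches. It is an added example, not part of the original article or any Kaspersky tool; the helper name Get-ExecutablePath is hypothetical. It only reads information, and it covers the Run registry keys and Startup folders reported by Win32_StartupCommand, not services or scheduled tasks.

```powershell
# Added example: list Windows start-up entries with the signature status of
# the executable each one launches, so unsigned or unknown items stand out.
# Read-only: nothing on the system is changed.

function Get-ExecutablePath {
    # Hypothetical helper: pull the program path out of a start-up command line.
    param([string]$Command)
    # Expand %VAR% references, then take the quoted path or the text up to the extension
    $expanded = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($expanded -match '^"([^"]+)"') { return $Matches[1] }
    if ($expanded -match '^(.+?\.(exe|com|bat|cmd|scr))(\s|$)') { return $Matches[1] }
    return ($expanded -split '\s+')[0]
}

$report = foreach ($item in Get-CimInstance -ClassName Win32_StartupCommand) {
    $path   = Get-ExecutablePath -Command $item.Command
    $status = 'FileNotFound'
    $signer = ''
    if ($path -and (Test-Path -LiteralPath $path -PathType Leaf)) {
        $sig    = Get-AuthenticodeSignature -LiteralPath $path
        $status = [string]$sig.Status
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
    }
    [pscustomobject]@{
        Name      = $item.Name
        Location  = $item.Location   # registry key or Startup folder
        User      = $item.User
        Path      = $path
        Signature = $status          # Valid, NotSigned, HashMismatch, ...
        Signer    = $signer
    }
}

# Entries whose file is unsigned, altered, or missing are listed first
$report | Sort-Object { $_.Signature -eq 'Valid' }, Name |
    Format-Table -AutoSize -Wrap
```

A Valid status only means the file is signed and unmodified; read the Signer column to judge whether the publisher is one you recognize before disabling or keeping an entry.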

Can Trojans infect cell phones?

In short: yes. Trojan malware can affect mobile devices as well as laptop and desktop machines. When this happens, it’s usually via what seems like a legitimate program but is actually a fake version of an app that contains malware. Usually, these programs have been downloaded from unofficial or pirate app markets by unsuspecting users – a recent example being a fake version of the Clubhouse app. Trojanized apps can steal information from your phone and also make money for the hackers by causing it to send premium-rate SMS text messages.

However, it is quite rare for an iPhone to be infected by a Trojan – partly because of Apple's "walled garden" approach, which means that third-party apps must be approved and vetted through the App Store, and partly because apps on iOS are sandboxed. This means they can't interact with other apps or gain deep access to your phone's operating system. However, if your iPhone has been jailbroken, you won’t enjoy the same level of protection against malware.

How to protect yourself against Trojans

As ever, a combination of comprehensive antivirus protection and good cybersecurity hygiene is your best protection from Trojan malware:

  1. Be cautious about downloads. Never download or install software from a source you don’t trust completely.
  2. Be aware of phishing threats. Never open an attachment, click a link, or run a program sent to you in an email from someone you don’t know. 
  3. Update your operating system’s software as soon as the updates are available. In addition to operating system updates, you should also check for updates on other software you use on your computer. Updates often include security patches to keep you safe from emerging threats.
  4. Don’t visit unsafe websites. Look out for sites that have security certificates – their URL should start with https:// rather than http:// - the “s” stands for “secure” and there should be a padlock icon in the address bar too.
  5. Avoid clicking pop-ups and banners. Don’t click on unfamiliar, untrusted pop-ups warning you your device is infected or offering a magical program to fix it. This is a common Trojan horse tactic.
  6. Protect accounts with complex, unique passwords. A strong password is not easy to guess and ideally made up of a combination of upper- and lower-case letters, special characters, and numbers. Avoid using the same password across the board and change your password regularly. A password manager tool is an excellent way to manage your passwords.
  7. Keep your personal information safe with firewalls. Firewalls screen data that enters your device from the internet. While most operating systems come with a built-in firewall, it’s also a good idea to use a hardware firewall for complete protection.
  8. Back up regularly. While backing up your files won’t protect you from downloading a Trojan, it will help you should a malware attack cause you to lose anything important.

By installing effective antivirus software, you can defend your devices – including PCs, laptops, Macs, tablets, and smartphones – against Trojans. A robust antivirus solution – such as Kaspersky Total Security – will detect and prevent Trojan attacks on your devices and ensure a safer online experience.
