What is Trojan


Everything you need to know about Trojans: what they are, where they come from and how to protect yourself against them. Find out more for the essential information you need about this common online threat.

All about Trojans

Watch out for Greeks giving gifts

In Virgil’s epic poem, Aeneid , the cunning Odysseus devises a plan to lead his troops into walled Troy. Instead of tearing down walls or climbing over them, Odysseus found another way: deception. The Trojan soldiers watched as the Greeks seemed to drift away, leaving the huge wooden horse behind as a sign of surrender. The Trojans celebrating the victory dragged the horse to the city, and with it the hidden Odysseus and his soldiers.

Like the wooden horse of the poem, Trojan horses or simply Trojans are scams and social engineering methods that encourage unsuspecting users to run seemingly benign computer programs that hide malicious code.

How to characterize a Trojan

People sometimes think of a Trojan as a virus or worm, but neither is it really. A virus is a file-infecting program that can replicate itself and spread by attaching itself to another program. Worms are malicious programs similar to viruses, but they do not need to be bundled with another program to spread. Most viruses are now viewed as an obsolete type of threat. Worms have also become rare, although they still appear from time to time. 

The Trojan can be like a swiss army knife in the field of hacking .

Think of Trojans as a general term for malware as there are different types of malware . Depending on the intentions of the cybercriminal, the Trojan can be like a Swiss Army knife for hacking, acting as part of a standalone malware or as a tool for other tasks such as introducing future threats, communicating with the hacker at a later time, or opening the system to attacks, just like Greek soldiers they opened the Trojan stronghold.

In other words, the Trojan encompasses a strategy that hackers use to launch any number of threats, from ransomware that demand money immediately to spyware that works covertly and steals valuable information such as personal and financial information.

Be aware that adware or potentially unwanted programs ( PUPs ) can be confused with Trojans as the way they are introduced is similar. For example, sometimes adware sneaks into your computer as part of a software package. You think you are downloading one program, but actually two or three. The authors of the program usually add advertising for marketing purposes so as to monetize the installer with usually clearly marked offers. Such adware packages are usually less harmful than Trojans. They also don’t hide like Trojans. But since the adware distribution vector resembles the Trojan distribution vector, it can cause confusion.

Trojan infection methods

Trojans can look like any program, from free software and music, to advertisements in browsers, to seemingly legitimate applications. Unwise user behavior can lead to Trojan infection. Here are some examples:

  • Downloading illegal applications. Promises of illegal free copy of software may be tempting, but such software or activation key generator may hide a Trojan attack.
  • Downloading unknown free programs. What looks like a free game or screensaver can really be a Trojan, especially if you find it on an untrusted site.
  • Opening infected attachments. You get a weird email with what looks like an important attachment, such as an invoice or delivery note, but when clicked, a Trojan launches.
  • Visiting untrusted websites. Some websites only take a moment to infect a computer. Others use tricks like pretending to get streaming of a popular movie, but only if you download a certain video codec, which is really a Trojan.
  • Any other social engineering method that disguises itself using the latest trends. For example, in December 2017, it was discovered that an extensive installed base of Intel processors was vulnerable to attacks due to hardware issues. The hackers panicked by imitating an update called Smoke Loader that installed the Trojan.

History of Trojans

Entertainment and games

A program called ANIMAL, released in 1975, is generally considered to be the world’s first example of a Trojan attack. It was presented as a simple game with twenty questions. However, covertly, the game copied itself to shared directories where it could be found by other users. From there, it could spread across entire computer networks. In most cases, it was a harmless joke.

Until December 1989, this Trojan attacked more or less. Several thousand floppy disks containing the AIDS Trojan, the first known ransomware, were sent to subscribers of PC Business World magazine and contacts on the AIDS World Health Organization conference mailing list. This DOS Trojan was dormant for 90 boot cycles, encrypted all file names on the system, and then displayed a message asking to send $ 189 to a Panama mailbox for a decryption program.

In the 1990s, another infamous Trojan appeared in the form of the simple Whack-A-Mole game. The game hides a version of the NetBus program that allowed remote control of the Microsoft Windows computer system via the network. With remote access, the attacker could do anything on the computer and even open the CD drive.

Love and money

In 2000, the Trojan ILOVEYOU then became the most devastating cyberattack in history with an estimated damage of $ 8.7 billion. Recipients received an email that looked like a text attachment named ILOVEYOU. If they were curious enough to open it, the program would run a script that overwritten files and sent itself as e-mail to people on the user’s contact list. Technically, he was as smart as a worm, and the application of social engineering was perhaps the most ingenious element.

In the first decade of the 21st century, Trojan attacks continued to evolve, and so did the threats they carried. Rather than exploiting people’s curiosity, Trojans took advantage of the growth in illegal downloads by hiding malware in music files, movies or video codecs. In 2002, a backdoor Trojan horse named Beast appeared that was able to infect almost all versions of Windows. Then, in late 2005, another backdoor Trojan called Zlob was distributed as the required video codec in the form of ActiveX.

The first decade of the 21st century also saw an increase in Mac users, and cybercriminals turned to them. In 2006, the discovery of the first-ever malware for Mac OS X, a non-dangerous Trojan horse known as OSX / Leap-A or OSX / Oompa-A, was announced.

The motivations behind the preparation of Trojan attacks also began to change during this time. Many early cyberattacks were motivated by the lust for power, control, or pure destruction. In the first decade of the 21st century, an increasing number of attacks were motivated by greed. In 2007, a Trojan called Zeus attacked Microsoft Windows systems to steal banking information using a keylogger . In 2008, hackers created Torpig, also known as Sinowal and Mebroot, which disabled antivirus applications, allowing you to access your computer, modify data, and steal sensitive information such as passwords and other sensitive data.

Bigger and worse

As cybercrime entered 2010, greed still mattered, but hackers started to think bigger. The rise in unidentifiable cryptocurrencies such as bitcoin has led to an increase in ransomware attacks. In 2013, the Cryptolocker Trojan horse was detected . Cryptolocker encrypts the files on the user’s hard drive and demands a ransom payment to obtain the decryption key. Later that year, a number of Trojans mimicking ransomware were also detected.

Many of the Trojans we hear about today are designed with a specific company, organization, or even government in mind.

The second decade of the 21st century also saw a shift in target groups targeted by attacks. While the approach of trying to infect as many users as possible continues for many Trojans, the approach seems to be targeted at growth. Many of the Trojans we hear about today are designed with a specific company, organization, and even government in mind. In 2010, the Stuxnet Trojan targeting Windows systems was detected . It was the first worm to attack computerized control systems. There are suspicions that it was designed to attack Iranian nuclear facilities. In 2016, the Tiny Banker Trojan(Tinba) made the headlines. Since its discovery, it has been found to have infected more than twenty major banking institutions in the United States, including TD Bank, Chase, HSBC, Wells Fargo, PNC, and Bank of America.

As one of the oldest and most common means of introducing malware, Trojans make up the history of cybercrime itself. What started out as a joke turned into network destruction, information theft, ransom extortion and seizure of power. Jokes are over. Instead, Trojans have become serious cybercriminal tools, mainly used for data theft, espionage, and Distributed Denial of Service DDoS attacks .

Types of Trojans

Trojans are versatile and very popular, so it is difficult to describe each type. Most Trojans are designed to take control of a user’s computer, steal data, spy on users or introduce malware to victims' computers. Here are some common threats that result from Trojan attacks:

  • Techniques of the so-called backdoor create remote access to the system. This type of malware alters security measures to allow a hacker to control your device, steal data, and even download more malware.
  • Spyware that observes access to online accounts or the provision of credit card details. They then pass the passwords and other identification information to the hacker.
  • Zombie Trojans that take control of a computer so that it becomes a slave on the network under the control of a hacker. This is the first step in creating a botnet (robot + web), which is often used to launch a distributed denial-of-service (DDoS) attack to destroy a network by flooding it with internet traffic.
  • Downloader Trojan that downloads and type implements other malicious modules, such as ransomware or keyloggers.
  • A dialer Trojan that may seem anachronistic as we no longer use dial-up modems, but we’ll cover more about it in the next section.

Trojan-infected applications on Android smartphones

Trojans aren’t just a problem for laptops and desktops. They also attack mobile devices , which makes sense given the tempting target of billions of used phones.

As with computers, the Trojan presents itself as a legitimate program, although it is actually a bogus version of the full malware application.

Such Trojans usually lurk in unofficial and pirated application markets, luring users to download them. Trojans launch a full range of maliciousness by infecting your phone with ads and keyloggers that can steal information. Dialer Trojans can even provide revenue for developers by sending premium SMS from infected phones.    

Browser extension add-ons can also act as Trojans ….

Android users were victims of Trojan applications downloaded from the Google Play Store, which is constantly scanned and cleaned of dangerous applications (repeatedly after a Trojan was detected). Browser extension add-ons can also act as Trojans as they have the ability to carry embedded malicious code.

While Google can remove browser add-ons from computers, Trojans on phones may place icons that are invisible on the screen. The user cannot see them, but can launch malware through them if he touches them.

As for iPhone users, there is good news: Apple’s restrictive policies on access to the App Store, iOS, and any other application on the phone do a good job of preventing Trojan intrusions. The only exception is for those who have jailbroken their phones to be able to download free files from sites other than the App Store. Installing risky applications outside of Apple’s restrictions makes the user vulnerable to Trojans.

How to remove a Trojan?

When a Trojan infects a device, the most universal way to clean it and restore it to the desired state is to use a good-quality, automated antivirus tool and perform a full system scan.

There are many free antivirus programs, including our own products for Windows, Android and Mac, that detect and remove adware and malware. In fact, Malwarebytes detects all known Trojans and other threats as 80% of the Trojan detection process is performed using heuristic analysis. We even help limit additional infections by cutting off communication between malware and any backend server, which isolates Trojans. The only exception is ransomware protection, which requires our premium product.

How to protect the system from Trojans?

Since Trojan infection occurs by tricking users into letting them into computers, most infections can be avoided by being vigilant and following good security habits. Practice healthy skepticism about websites that offer free movies or gambling. Instead, choose free programs directly from the manufacturer, not the unauthorized servers mirror.