What is a Trojan?

April 1, 2021

What is Trojan Malware

A Trojan is a type of malware that disguises itself as legitimate code or software. Once inside the network, attackers are able to carry out any action that a legitimate user could perform, such as exporting files, modifying data, deleting files or otherwise altering the contents of the device. Trojans may be packaged in downloads for games, tools, apps or even software patches. Many Trojan attacks also leverage social engineering tactics, as well as spoofing and phishing, to prompt the desired action in the user.

A Trojan is sometimes called a Trojan virus or Trojan horse virus, but those terms are technically incorrect. Unlike a virus or worm, Trojan malware cannot replicate itself or self-execute. It requires specific and deliberate action from the user.

Trojan Malware: What It Does

Like most forms of malware, Trojans are designed to damage files, redirect internet traffic, monitor the user’s activity, steal sensitive data or set up backdoor access points to the system. Trojans may delete, block, modify, leak or copy data, which can then be sold back to the user for ransom or on the dark web.

Mobile Trojans

While most people associate Trojan attacks with desktop or laptop computers, they can be used to target mobile devices, such as smartphones, tablets or any other device that connects to the internet.

Like a traditional malware attack, mobile Trojan attacks are disguised as legitimate programs, usually as an app or other commonly downloaded item. Many of these files originate from unofficial, pirated app marketplaces and are designed to steal data and files from the device.

2022 CrowdStrike Global Threat Report

Download the 2022 Global Threat Report to find out how security teams can better protect the people, processes, and technologies of a modern enterprise in an increasingly ominous threat landscape.

Download Now

10 Types of Trojan Malware

Trojans are a very common and versatile attack vehicle for cybercriminals. Here we explore 10 examples of Trojans and how they work:

  1. Exploit Trojan: As the name implies, these Trojans identify and exploit vulnerabilities within software applications in order to gain access to the system.
  2. Downloader Trojan: This type of malware typically targets infected devices and installs a new version of a malicious program onto the device.
  3. Ransom Trojan: Like general ransomware, this Trojan malware extorts users in order to restore an infected device and its contents.
  4. Backdoor Trojan: The attacker uses the malware to set up access points to the network.
  5. Distributed Denial of Service (DDoS) attack Trojan: Backdoor Trojans can be deployed to multiple devices in order to create a botnet, or zombie network, that can then be used to carry out a DDoS attack. In this type of attack, infected devices can access wireless routers, which can then be used to redirect traffic or flood a network.
  6. Fake AV Trojan: Disguised as antivirus software, this Trojan is actually ransomware that requires users to pay fees to detect or remove threats. Like the software itself, the issues this program claims to have found are usually fake.
  7. Rootkit Trojan: This program attempts to hide or obscure an object on the infected computer or device in order to extend the amount of time the program can run undetected on an infected system.
  8. SMS Trojan: A mobile device attack, this Trojan malware can send and intercept text messages. It can also be used to generate revenue by sending SMS messages to premium-rate numbers.
  9. Banking Trojan or Trojan Banker: This type of Trojan specifically targets financial accounts. It is designed to steal data related to bank accounts, credit or debit cards or other electronic payment platforms.
  10. Trojan GameThief: This program specifically targets online gamers and attempts to access their gaming account credentials.

Expert Tip

Fun Fact: Trojans derive their name from the Greek mythical tale, Ulysses, wherein Greek warriors hid inside a hollow wooden horse. Their opponent, the Trojans, thought the horse was a blessing from the gods and brought it inside the city walls, unwittingly unleashing an attack. Much like Trojan horse in the epic, digital adversaries that deploy Trojans often rely on social engineering and trickery to deceive users into downloading and running malicious programs.

Where Can You Get Trojans?

Trojans are one of the most common threats on the internet, affecting businesses and individuals alike. While many attacks focused on Windows or PC users in the past, a surge in Mac users has increased macOS attacks, making Apple loyalists susceptible to this security risk. In addition, mobile devices, such as phones and tablets, are also vulnerable to Trojans.

Some of the most common ways for devices to become infected with Trojans can be linked to user behavior, such as:

  • Downloading pirated media, including music, video games, movies, books, software or paid content
  • Downloading any unsolicited material, such as attachments, photos or documents, even from familiar sources
  • Accepting or allowing a pop-up notification without reading the message or understanding the content
  • Failing to read the user agreement when downloading legitimate applications or software
  • Failing to stay current with updates and patches for browsers, the OS, applications and software

How to Protect Against Trojan Attacks

For everyday users, the best way to protect against Trojan attacks is by practicing responsible online behavior, as well as implementing some basic preventive measures.

Best practices for responsible online behavior include:

  • Never click unsolicited links or download unexpected attachments.
  • Use strong, unique passwords for all online accounts, as well as devices.
  • Only access URLs that begin with HTTPS.
  • Log into your account through a new browser tab or official app — not a link from an email or text.
  • Use a password manager, which will automatically enter a saved password into a recognized site (but not a spoofed site).
  • Use a spam filter to prevent a majority of spoofed emails from reaching your inbox.
  • Enable two-way authentication whenever possible, which makes it far more difficult for attackers to exploit.
  • Ensure updates for software programs and the OS are completed immediately.
  • Back up files regularly to help restore the computer in the event of an attack.

In addition, consumers should take steps to protect their devices and prevent them from all types of malware attacks. This means investing in cybersecurity software, which can detect many threats or block them from infecting the device.

Preventing Trojan Attacks for Enterprise Clients

For enterprise organizations, protection against Trojans is especially important as a breach on one computer can lead to the entire network being compromised. Further, because malware programs, such as Trojans, are always evolving, the only way to prevent such breaches or minimize damage is to take a comprehensive cybersecurity strategy that leverages next-generation tools and technologies, as well as human intelligence, to stop Trojans and other types of malware before they infect the systems.

Why Traditional Antivirus Software Doesn’t Stop Malware
Traditional antivirus programs, which compare suspected threats to a list of known threats by looking for indicators of compromise (IOCs), simply cannot keep up with the frenzied pace at which new malware is emerging. This leaves organizations in the weak position of always being a step behind their adversaries, only able to react to attacks and never able to proactively prevent them.

Organizations must adopt an integrated combination of methods to prevent and detect all types of malware, including spyware. These methods include machine learning, exploit blocking, behavioral analysis and blocklisting. Here we review these capabilities within the context of CrowdStrike Falcon®, the market’s leading cloud-native security platform.

Machine Learning
Falcon uses machine learning to block malware without using signatures. Instead, it relies on mathematical algorithms to analyze files and can protect the host even when it is not connected to the internet.

Exploit Blocking
Malware does not always come in the form of a file that can be analyzed by machine learning. Some types of malware may be deployed directly into memory through the use of exploit kits. To defend against these, Falcon provides an exploit blocking function that adds another layer of protection.

Behavioral Analysis
What about fileless malware that doesn’t use an exploit kit, such as certain types of ransomware? To protect systems against these threats, Falcon uses indicators of attack (IOAs), which look across both legitimate and suspicious activities to detect stealthy chains of events that indicate malware infection attempts. Most IOAs can prevent non-malware attacks as well.

Falcon also allows organizations to blocklist applications, automatically preventing them from running anywhere in the organization.

CrowdStrike Falcon combines these methods with innovative technologies that run in the cloud for faster, more up-to-the-minute defenses. To learn more, contact our organization to schedule a demo or enroll in a trial.

What to Do When Affected by a Trojan Virus

The growing sophistication of digital adversaries makes it increasingly difficult for users to properly resolve Trojan attacks on their own. Ideally, if a person suspects that their system has been infected by a Trojan or other type of malware attack, they should contact a reputable cybersecurity professional immediately to help rectify the situation and put proper measures in place to prevent similar attacks from occurring in the future. At a minimum, consumers should download an antivirus program and malware removal service from a reputable provider.

For enterprise clients, it is important to work with a trusted cybersecurity partner to assess the nature of the attack and its scope. As discussed above, many traditional antivirus and malware removal programs will not adequately remediate existing threats or prevent future events.