What is a Trojan?
The malicious malware lurks behind legitimate software to invade your computer
What was once the name for a wooden horse that was used to sneak Greek soldiers inside the walls of Troy is now a term that puts IT professionals on edge. A Trojan, often referred to as a Trojan horse, is a form of malware disguised as legitimate software that either causes damages to a user's device or enables external access to it.
As their namesake suggests, Trojans prefer to remain undetected on a user's machine, slowly gathering information about it before performing malicious functions. Once inside it can copy info to send back to its creator, block access to data, and even drain the machine of resources.
There are a number of Trojan classifications and each one can perform different malicious tasks on your computer, such as embedding a backdoor or injecting Rootkits which conceal certain objects or activities in your system. There are even Trojans that attempt to take financial information and even those that attack with DDoS software.
In 2019, an internationally coordinated effort from law enforcement agencies sized a website selling Trojan tools thought to be responsible for infecting thousands of computers. A larger percentage of these were Remote Access Trojans (RATs) that were sold for as little as $25.
Once a trojan has made its way onto a machine it's often too late to prevent malicious functions from initiating, making it one of the most effective tools for hackers.
Types of Trojan
There's a wide range of Trojan types out there, each named according to the methods they deploy to attack a system.
As the name suggests, Backdoor Trojans are designed to grant an external user full control over a system by creating a breach in a system - known as a 'backdoor'. This can then be exploited to repeatedly gain access to the system to steal or spy on its contents. The longer this door is open, the more damage a hacker can do.
Download Trojans get their name from being able to download other malware types once it has worked its way onto a system. Although a range of malicious tools can be installed, these Trojans often turn to keyloggers and cryptocurrency miners to secretly harvest data, often ending the attack with a ransomware infection.
Remote Access Trojans, or RATs, give cyber criminals full control over your machine via a remote network connection. These are usually downloaded invisibly with a user-requested program -- such as a game -- or sent as an email attachment.
Banking Trojans, also known as 'Trojan bankers', are so-called for their penchant for financial gain, typically lying in wait on a system until a user attempts to access their online banking service. The Trojan triggers by sending the user instead to a fake website, designed to mimic a legitimate bank, where it attempts to trick the user into entering their details.
Banking Trojans have been highly successful in the past, with notable examples such as Zeus, Dridex and Kronos. With today's heightened security and proactive attempts to clamp down on this style of attack, banking Trojans aren't as prevalent as they once were.
How to protect against Trojans
While Trojans can cause significant damage if loaded on someone's system, there are ways to prevent malware from causing problems.
Simple steps such as avoiding unsafe websites and keeping accounts safe with secure passwords and firewalls can help prevent malware attacks. Updating a device's operating system as soon as possible will also help prevent Trojans from causing damage as malware tends to exploit the problems in outdated software.
It's also advisable to back up your files regularly, as if a Trojan infects your computer, this will help you to easily restore your data.
However, perhaps the most effective way of preventing this kind of malware attack is by installing anti-malware software on devices and running diagnostic scans with this software periodically.
Five lessons learned from the pivot to a distributed workforce
Delivering continuity and scale with a remote work strategyDownload now
Connected experiences in a digital transformation
Enable businesses to meet the demands of the futureDownload now
Simplify to secure
Reduce complexity by integrating your security ecosystemDownload now