A Trojan horse or Trojan is a type of malware that is often disguised as legitimate software. Trojans can be employed by cyber-thieves and hackers trying to gain access to users' systems. Users are typically tricked by some form of social engineering into loading and executing Trojans on their systems. Once activated, Trojans can enable cyber-criminals to spy on you, steal your sensitive data, and gain backdoor access to your system.
The term “Trojan” derives from the ancient Greek story about the deceptive Trojan horse which led to the fall of the city of Troy. When it comes to your computer, a Trojan virus operates similarly – it hides within seemingly harmless programs or tries to trick you into downloading it. The name was coined in a US Air Force report in 1974, which speculated on hypothetical ways computers could be compromised.
You will sometimes hear people refer to a "Trojan virus" or a "Trojan horse virus," but these terms are slightly misleading. This is because, unlike viruses, Trojans don’t self-replicate. Instead, a Trojan horse spreads by pretending to be useful software or content while secretly containing malicious instructions. It is more useful to think of “Trojan” as an umbrella term for malware delivery, which hackers use for various threats.
A Trojan must be executed by its victim to do its work. Trojan malware can infect devices in several ways – for example:
The term “Trojan dropper” is sometimes used in relation to Trojans. Droppers and downloaders are helper programs for various types of malware, including Trojans. Usually, they are implemented as scripts or small applications. They don’t carry any malicious activity themselves but instead pave the way for attacks by downloading, decompressing, and installing the core malicious modules.
Trojans are classified according to the type of actions that they can perform on your computer. Trojan horse virus examples include:
A backdoor Trojan gives malicious users remote control over the infected computer. It enables the author to do anything they wish on the infected computer – including sending, receiving, launching, and deleting files, displaying data, and rebooting the computer. Backdoor Trojans are often used to unite a group of victim computers to form a botnet or zombie network that can be used for criminal purposes.
Exploits are programs that contain data or code that takes advantage of a vulnerability within application software that's running on your computer.
Trojan-Banker programs are designed to steal your account data for online banking systems, e-payment systems, and credit or debit cards.
Clampi – also known as Ligats and Ilomo – lies in wait for users to sign in to make a financial transaction, such as accessing online banking or entering credit card information for an online purchase. Clampi is sophisticated enough to hide behind firewalls and go undetected for long periods.
Cryxos is commonly associated with so-called scareware or fake support call requests. Typically, victims receive a pop-up containing a message like "Your device has been hacked" or "Your computer is infected". The user is directed to a phone number for support. If the user calls the number, they are pressured to pay for assistance. In some cases, the user may be asked to give the “customer service agent” remote access to their machine, potentially leading to device hijack and data theft.
These programs conduct DDoS (Distributed Denial of Service) attacks against a targeted web address. By sending multiple requests – from your computer and several other infected computers – the attack can overwhelm the target address, leading to a denial of service.
Trojan-Downloaders can download and install new versions of malicious programs onto your computer – including Trojans and adware.
These programs are used by hackers to install Trojans or viruses – or to prevent the detection of malicious programs. Not all antivirus programs are capable of scanning all of the components inside this type of Trojan.
Trojan-FakeAV programs simulate the activity of antivirus software. They are designed to extort money from you – in return for the detection and removal of threats, even though the threats they report are non-existent.
This type of program steals user account information from online gamers.
Geost is an Android banking Trojan. It hides in malicious apps which are distributed through unofficial webpages with randomly generated server hostnames. Victims typically encounter these when they look for apps that are not available on Google Play. Once the app is downloaded, it requests permissions which, when enabled, allow malware infection. Geost was discovered after the gang behind it made security mistakes, allowing researchers to see right into their operation and even identify some of the perpetrators.
Trojan-IM programs steal your logins and passwords for instant messaging programs – such as WhatsApp, Facebook Messenger, Skype, and many more. This type of Trojan can allow the attacker to control chat sessions, sending the Trojan to anybody on your contact list. They can also perform DDoS attacks using your computer.
These programs can harvest email addresses from your computer, allowing cyber criminals to send mass mailings of malware and spam to your contacts.
This type of Trojan can modify data on your computer – so that your computer doesn't run correctly, or you can no longer use specific data. The criminal will only restore your computer's performance or unblock your data after you have paid them the ransom money they demand.
Remote Access Trojans
Abbreviated as RAT, Remote Access Trojans give hackers complete control over your computer from a remote location. They can be used to steal information or spy on you. Once the host system is compromised, the intruder may use it to distribute RATs to other vulnerable computers to establish a botnet.
Rootkits are designed to conceal certain objects or activities in your system. Often their primary purpose is to prevent malicious programs from being detected – to extend the period in which programs can run on an infected computer.
These programs can cost you money by sending text messages from your mobile device to premium rate phone numbers.
Trojan-Spy programs can spy on how you're using your computer – for example, by tracking the data you enter via your keyboard, taking screenshots, or getting a list of running applications.
Qakbot is an advanced banking Trojan. Believed to be the first malware specifically designed to harvest banking information, it is often used in conjunction with other well-known tools.
Trojan Wacatac is a highly damaging Trojan threat that can carry out various malicious actions on the target system. It usually infiltrates via phishing emails, file-sharing over infected networks, and software patches. It aims to steal confidential data and share it with hackers. It can also give hackers remote access to carry out harmful tasks.
Other Trojan examples include:
Trojans are incredibly good at hiding. They trick users into installing them and then work behind the scenes to achieve their aim. If you fall victim, you may not even realize it until it's too late. If you suspect your device may have been breached by Trojan malware, you should look out for the following signs:
It is possible to remove some Trojans by disabling start-up items on your computer which don’t come from trusted sources. To do this, reboot your device into safe mode so that the Trojan can’t stop you from removing it.
Be clear about which specific programs you are removing because you could slow or disable your system if you remove basic programs your computer needs to function.
In short: yes. Trojan malware can affect mobile devices as well as laptop and desktop machines. When this happens, it’s usually via what seems like a legitimate program but is actually a fake version of an app that contains malware. Usually, these programs have been downloaded from unofficial or pirate app markets by unsuspecting users – a recent example being a fake version of the Clubhouse app. Trojanized apps can steal information from your phone and also make money for the hackers by causing it to send premium-rate SMS text messages.
However, it is quite rare for an iPhone to be infected by a Trojan – partly because of Apple's "walled garden" approach, which means that third-party apps must be approved and vetted through the App Store, and partly because apps on iOS are sandboxed. This means they can't interact with other apps or gain deep access to your phone's operating system. However, if your iPhone has been jailbroken, you won’t enjoy the same level of protection against malware.
As ever, a combination of comprehensive antivirus protection and good cybersecurity hygiene is your best protection from Trojan malware:
By installing effective antivirus software, you can defend your devices – including PCs, laptops, Macs, tablets, and smartphones – against Trojans. A robust antivirus solution – such as Kaspersky Total Security – will detect and prevent Trojan attacks on your devices and ensure a safer online experience.