The classic tale of the Trojan Horse is a prime example that not everything is as it seems upon first glance. As told by Virgil in the Aeneid, the ancient Greeks constructed a large, hollow wooden horse, left it outside the gates of Troy, and pretended to sail away. The people of Troy, the Trojans, believed the Greeks to be surrendering their siege and thus wheeled the giant wooden horse into the city, not knowing that Greek forces were hiding inside the horse the whole time. When night struck, the Greek forces lowered the gates to the city and allowed reinforcements into Troy, conquering the city. This very story is where the malware known as a “Trojan Horse”, or simply “Trojan”, gets its name.

What is a Trojan Horse?

Just like the fabled wooden horse, a Trojan employs subterfuge and trickery to gain access to your system and later wreaks havoc whenever you least expect it by delivering other threats to your machine. Simply put, the trademark function of a Trojan is to install other malware onto the device it infects. In many cases, Trojans are used to “deliver any number of threats, from ransomware that immediately demands money, to spyware that conceals itself while it steals valuable information like personal and financial data” (Malwarebytes). No matter what the purpose of a given Trojan may be, they all “can cause data loss, financial loss, and even identity theft”, resulting in many headaches for those who are infected (McAfee).

There are many different types of Trojans out in the world, each having their own capabilities and features. However, the most generic types of Trojan act just like the wooden horse in the myth: a vehicle for delivery which “downloads onto a computer disguised as a legitimate program” (Fortinet). This may take the form of a digital game, a piece of software, or even an extension or plugin for existing applications which, in some cases, will work as expected in order to give users a false sense of security. Meanwhile, with the user unaware, the Trojan can activate, usually performing two functions: installing other malware onto the device and opening up the device to the hacker who created or manages the Trojan.

The types of malware a Trojan will install depend on the purpose of the Trojan itself. The purpose of some Trojans is “opening the door for further malware that can even take the entire computer hostage”, while other Trojans may install spyware, which is malware that captures keystrokes and records the screen (Kaspersky). Some Trojans are designed with specific types of systems in mind, such as banking-related devices, while others are created to infect a wider variety of devices. Additionally, many Trojans are “designed to provide unauthorized, remote access to a user’s computer”, giving hackers the opportunity to manually infect or even utilize the compromised device, most often without the user knowing (McAfee). Some hackers will attempt to infect as many devices with a Trojan as possible to create a botnet (a network of devices all under the control of a hacker, often without the device owners’ knowledge) to perform other types of cyber attacks. Malwarebytes refers to a Trojan Horse as “a Swiss Army knife of hacking” due to their versatility; they can act “as a bit of standalone malware, or as a tool for other activities, such as delivering future payloads, communicating with the hacker at a later time, or opening up the system to attacks”. Some Trojans are “able to carry out any action that a legitimate user could perform, such as exporting files, modifying data, deleting files or otherwise altering the contents of the device” (Baker). As a result, they may be able to collect sensitive data from the device while also allowing other malware to cause problems on the computer, or they may delete crucial files or data from the device. Other Trojans may also have spyware built into them directly, meaning that they “can capture keystrokes… take screenshots, [and] record video and audio from webcams and microphones” (McAfee). This wide versatility is what makes a Trojan so dangerous: you never know what a Trojan might be used for until it is examined.

Importantly, just as the Trojan soldiers were tricked into bringing the wooden horse into their city, Trojans require the victim to allow them access to their device. A Trojan “cannot replicate itself or self-execute” in the way that viruses or worms can; rather, they require “specific and deliberate action from the user” (Baker). Once a Trojan is installed on a device, it “hide[s] in plain sight, waiting for the user to run” the Trojan (McAfee). Since it is disguised as a legitimate item, the user will unfortunately not think twice about running it.

Ways a Trojan Can Be Spread

There are many ways in which a Trojan Horse can sneak onto a computer. As mentioned above, Trojans “may be packaged in downloads for games, tools, apps or even software patches” that all pose as legitimate, malware-free items (Baker). In particular, Trojans often “lurk on unofficial and pirate app markets, enticing users to download them” (Malwarebytes). While a user may believe they are getting free, pirated access to a paid application, they are also installing malware onto their system. Similarly, Trojans can be “hidden within legitimate software that has been tampered with”, which is why it is extremely important to verify the source of any software that you plan to install on your device (McAfee). This includes extensions, plugins, and add-ons that you can install to your web browser; these are “capable of carrying embedded bad code” (Malwarebytes).

Alternatively, some Trojans spread “through legitimate-looking emails and files attached to emails, which are spammed to reach the inboxes of as many people as possible” (Fortinet). This is why it is extremely important to never download and open the attachments from an email unless you know for certain that they are safe. It is always better to be safe than sorry. Other Trojans “could be hidden in banner advertisements, pop-up advertisements, or links on websites” (Fortinet). This is known as malvertising: enticing ads are created to get unsuspecting users to click on them, which in turn can install malware, such as Trojans, or lead to phishing websites.

Finally, it is extremely important to note that smartphones and other mobile smart devices are also susceptible to Trojans that utilize mobile malware (Fortinet). Furthermore, there are Trojans designed to infect devices that run Windows as well as those that run macOS as their operating system. Thus, you must remain vigilant no matter which device you use in order to remain safe.

How to Tell if Your Device is Infected with a Trojan

Unlike some malware that makes itself known to the user, like ransomware, Trojans are “designed to run silently in the background while they perform their malicious tasks, without the user’s knowledge or consent” (McAfee). In some cases, Trojans can “remain on a device for months without the user knowing their computer has been infected” (Fortinet). While one sign of a Trojan being on a device is “unusual activity such as computer settings being changed unexpectedly”, this could also be the result of a variety of other causes (Fortinet). Thus, it can be difficult to tell whether or not your device has been infected with a Trojan without the help of anti-malware software. The use of anti-malware, malware-removal, or Trojan scanning software is one of the best ways to determine whether or not a Trojan has infected your device and to help remove the Trojan (Fortinet).

Furthermore, if you believe that your device has a Trojan, or any other malware, installed on it, it is a good idea to contact a reputable cybersecurity professional immediately to help rectify the situation and put proper measures in place to prevent similar attacks from occurring in the future (Baker). That way, you can ensure that the Trojan is removed properly and your system restored as best as possible. This is especially important if the potentially infected device is a company-owned device; if your work computer has been infected or is exhibiting strange behavior, it is best to report potential infection to your company’s IT team immediately.

How to Stay Safe

Just like with any type of malware, there are a variety of steps you can take to keep yourself safe from Trojans. As mentioned before, having anti-malware software installed onto your system is a great way to prevent a Trojan from infecting your device. In many cases, anti-malware programs “can detect and eliminate most Trojans before they can inflict damage, as well as provide real-time protection as you surf the internet, download files or access email” (McAfee). That way, you can have some peace of mind while performing your usual activities on your device. If anything suspicious occurs, your anti-malware software can help catch it before too much damage can be done. However, it is also important to note that “most infections are avoidable by remaining vigilant and observing good security habits. Practice a healthy skepticism about websites offering free movies or gambling, opting instead to download free programs directly from the producer’s site” (Malwarebytes). As the saying goes, if it seems too good to be true, then it probably is. Furthermore, whenever installing software or downloading media, avoid using dubious or illegal sources; while you may think you are getting a deal, you may actually be installing Trojans and other malware right onto your device (Kaspersky). Additionally, it is important to “[k]eep your operating systems updated and patched… and avoid phishing attacks by carefully inspecting inbound emails” (Fortinet). Many types of malware will attempt to use security flaws in your device’s software and operating system, and by keeping your device up to date, you will be keeping your device secure.

While it is extremely important to put measures in place to prevent a Trojan or malware infection, ensuring that you have a plan in place for a possible infection is also crucial. For example, “[i]f you have important data stored on your system, it is crucial to back it up regularly” (McAfee). That way, if your device does become infected, you will still have your important or sensitive data stored safely on your backup. Once your device is Trojan-free, you can utilize your backup to recover any data you may have lost as a result of the Trojan itself or the Trojan-removal process. Finally, if you are part of a company or organization, it is a smart idea to have a policy and procedure in place to handle a situation involving a Trojan Horse, as well as other malware or cybersecurity issues, to help mitigate the amount of damage that may be caused.

Resources & Further Reading

Baker, Kurt. “What Is a Trojan Horse? Trojan Malware Explained | CrowdStrike.” Crowdstrike.com, CrowdStrike, 17 June 2022, www.crowdstrike.com/en-us/cybersecurity-101/malware/trojans/.

Fortinet. “What Is a Trojan Horse? Trojan Virus and Malware Explained.” Fortinet, Fortinet, Inc, 2022, www.fortinet.com/resources/cyberglossary/trojan-horse-virus.

Kaspersky. “What Is a Trojan Horse Virus? Types and How to Remove It.” Kaspersky.com, AO Kaspersky Labs, 2019, www.kaspersky.com/resource-center/threats/trojans.

Malwarebytes. “Trojan Horse – Virus or Malware?” Malwarebytes, Malwarebytes, www.malwarebytes.com/trojan.

McAfee. “What Is a Trojan Horse? | McAfee.” McAfee, McAfee, LLC, 6 Dec. 2022, www.mcafee.com/learn/trojan-horse/.
